Critical Severity Vulnerability
This vulnerability has been rated as Critical severity. Immediate action is recommended.
CVE-2023-54339
Critical
Low
Medium
High
Critical
9.8
CVSS Score
Published: Jan 13, 2026
Last Modified: Jan 14, 2026
Vulnerability Description
Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27' to execute commands on the target system.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H
References & Resources
-
http://github.com/jokkedk/webgrind/disclosure@vulncheck.com
-
https://www.exploit-db.com/exploits/51074disclosure@vulncheck.com
-
https://www.vulncheck.com/advisories/webgrind-remote-command-execution-rce-via-datafile-parameterdisclosure@vulncheck.com
-
https://www.exploit-db.com/exploits/51074134c704f-9b21-4f2e-91b3-4a467353bcc0
Severity Details
9.8
out of 10.0
Critical
Key Information
- Published Date
- January 13, 2026
