Unrated severityOSV Advisory· Published Jan 13, 2026· Updated Mar 5, 2026
Webgrind 1.1 - Remote Command Execution (RCE) via dataFile Parameter
CVE-2023-54339
Description
Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27' to execute commands on the target system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.1
Patches
Vulnerability mechanics
References
2- www.exploit-db.com/exploits/51074mitreexploit
- www.vulncheck.com/advisories/webgrind-remote-command-execution-rce-via-datafile-parametermitrethird-party-advisory
News mentions
0No linked articles in our index yet.