CNNVD-202601-1889 Information

CNNVD ID

CNNVD-202601-1889

Related CVE

CVE-2023-54339

• CNNVD Published: 2026-01-13

Description (Chinese)

Webgrind是Joakim Nygård个人开发者的一款基于Web的PHP性能分析工具。 Webgrind 1.1版本存在操作系统命令注入漏洞，该漏洞源于index.php中的dataFile参数未经验证，可能导致未经身份验证的攻击者注入操作系统命令。

Description (English)

Webgrind is a Web-based PHP performance analysis tool for Joakim Nygård’s personal developers. Version 1.1 of Webgrind contains a loophole in the operating system command, which originates from unverified dataFile parameters in index.php, which may result in an unidentified attacker injecting an operating system command.

Hazard Level

Low

Vulnerability Type

操作系统命令注入

Affected Vendor

个人开发者

Published

2026-01-13

Last Modified

2026-02-24

References

http://github.com/jokkedk/webgrind/ https://www.exploit-db.com/exploits/51074 https://www.vulncheck.com/advisories/webgrind-remote-command-execution-rce-via-datafile-parameter

Patch

https://github.com/jokkedk/webgrind/releases