Remote Command Execution Vulnerability in Webgrind 1.1 by Webgrind
CVE-2023-54339

9.3CRITICAL

Key Information:

Vendor

Jokkedk

Status
Webgrind
Vendor
CVE Published:
13 January 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2023-54339?

Webgrind 1.1 is susceptible to a remote command execution vulnerability that enables unauthenticated attackers to inject and execute arbitrary operating system commands through manipulation of the dataFile parameter in the index.php file. This flaw allows malicious users to execute commands on the vulnerable system, potentially compromising its security. Specifically, by crafting a payload like '0%27%26calc.exe%26%27', attackers can exploit this weakness to gain unauthorized system access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Webgrind 1.1

References

https://www.exploit-db.com/exploits/51074
exploit
http://github.com/jokkedk/webgrind/
product
https://www.vulncheck.com/advisories/webgrind-remote-comm...
third-party-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafael Pedrero
JSON
.