CVE-2018-12909
CVE-2018-12909
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 18.6%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
27 Jun 2018Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment.
Affected products
n/a · n/a