CVE-2018-12909
CVE-2018-12909
Vexday Risk Score
23Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS —EPSS 18.6%KEV nãoPoC —Nuclei simMetasploit —Patch —
Ciclo de vida
27 jun 2018Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment.
Productos afectados
n/a · n/a