CVE-2018-12909

HIGH NUCLEI

Webgrind - Path Traversal

Title source: rule

Description

Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment.

Nuclei Templates (1)

Webgrind <= 1.5 - Local File Inclusion

HIGHVERIFIEDby DhiyaneshDk

FOFA: app="Webgrind" || app="webgrind"

References (1)

[Issue Tracking, Third Party Advisory] https://github.com/jokkedk/webgrind/issues/112

Scores

CVSS v3 7.5

EPSS 0.8974

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

webgrind_project/webgrind 1.5.0

Published Jun 27, 2018

Tracked Since Feb 18, 2026