Summary
Webgrind is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
Webgrind 1.0 (v1.02 in trunk on github) are vulnerable other versions may also be affected.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-3047 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
- Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
- Atmail Multiple Unspecified Security Vulnerabilities.
- Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities