webgrind_project CVE Vulnerabilities & Metrics

Focus on webgrind_project vulnerabilities and metrics.

Last updated: 15 Feb 2026, 23:25 UTC

About webgrind_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with webgrind_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total webgrind_project CVEs: 3
Earliest CVE date: 19 Mar 2012, 18:55 UTC
Latest CVE date: 13 Jan 2026, 23:16 UTC

Latest CVE reference: CVE-2023-54341

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical webgrind_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.2

Max CVSS: 7.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	1
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS webgrind_project CVEs

These are the five CVEs with the highest CVSS scores for webgrind_project, sorted by severity first and recency.

CVE-2018-12909 webgrind_project Published on 27 Jun 2018, 16:29 UTC (CVSS: 7.8)
Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment.
CVE-2012-1790 webgrind_project Published on 19 Mar 2012, 18:55 UTC (CVSS: 5.0)
Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php.
CVE-2023-54341 webgrind_project Published on 13 Jan 2026, 23:16 UTC (CVSS: 0)
Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary JavaScript in victim's browsers by crafting malicious URLs.
CVE-2023-54339 webgrind_project Published on 13 Jan 2026, 23:16 UTC (CVSS: 0)
Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27' to execute commands on the target system.

All CVEs for webgrind_project

CVE-2023-54341 webgrind_project vulnerability CVSS: 0 13 Jan 2026, 23:16 UTC

Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary JavaScript in victim's browsers by crafting malicious URLs.

CVE-2023-54339 webgrind_project vulnerability CVSS: 0 13 Jan 2026, 23:16 UTC

Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, such as using payload '0%27%26calc.exe%26%27' to execute commands on the target system.

CVE-2018-12909 webgrind_project vulnerability CVSS: 7.8 27 Jun 2018, 16:29 UTC

Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment.

CVE-2012-1790 webgrind_project vulnerability CVSS: 5.0 19 Mar 2012, 18:55 UTC

Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php.