Submission #825315: php-censor <= 2.1.6 OS Command Injection

Information

Title: php-censor <= 2.1.6 OS Command Injection
Description: PHP Censor (all versions through 2.1.6) allows unauthenticated OS command injection via the webhook endpoint. The WebhookController is whitelisted from authentication checks in Application.php, and the "branch" and "commit" parameters from GET/POST requests to /webhook/git/<projectId> are passed unsanitized through sprintf() into shell commands executed via Symfony Process::fromShellCommandline(). A remote unauthenticated attacker can inject arbitrary OS commands by sending a crafted branch parameter (e.g., ?branch=$(id)), which is executed asynchronously by the Worker process. In the default Docker deployment, commands run as root.
Source: https://github.com/php-censor/php-censor/issues/442
User: anch0r (UID 96691)
Submitted: 2026-05-11 08:54 (26 days ago)
Moderated: 2026-05-31 16:19 (20 days later)
Status: Accepted
VulDB entry: 367552 [php-censor up to 2.1.6 Webhook Endpoint GitBuild.php commitId privilege escalation]
Points: 20