Submeter #825315: php-censor <= 2.1.6 OS Command Injectioninformação

Títulophp-censor <= 2.1.6 OS Command Injection
DescriçãoPHP Censor (all versions through 2.1.6) allows unauthenticated OS command injection via the webhook endpoint. The WebhookController is whitelisted from authentication checks in Application.php, and the "branch" and "commit" parameters from GET/POST requests to /webhook/git/<projectId> are passed unsanitized through sprintf() into shell commands executed via Symfony Process::fromShellCommandline(). A remote unauthenticated attacker can inject arbitrary OS commands by sending a crafted branch parameter (e.g., ?branch=$(id)), which is executed asynchronously by the Worker process. In the default Docker deployment, commands run as root.
Fonte⚠️ https://github.com/php-censor/php-censor/issues/442
Utilizador
 anch0r (UID 96691)
Submissão11/05/2026 08h54 (há 24 dias)
Moderação31/05/2026 16h19 (20 days later)
EstadoAceite
Entrada VulDB367552 [php-censor até 2.1.6 Webhook Endpoint GitBuild.php commitId Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!