CVE-2026-2184
7.3 HIGH · Published 2026-02-08 · Modified 2026-02-09 · Awaiting Analysis
Quick Summary
A high-severity (CVSS 7.3) vulnerability in the Great Developers Certificate Generation System allows attackers to execute arbitrary operating system commands by manipulating the 'photo' parameter. This matters because the attack is remote and requires no privileges or user interaction, giving attackers a direct path to running commands on the affected server.
Who is affected
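Any organization running this system at or before commit 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73 is affected. The project uses rolling releases, so there are no version numbers to check against. An attacker could steal data, install malware, or use the server as a launch point for further attacks.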
Recommended fix
Because no patched version is available, the only remediation is to immediately remove or disable the vulnerable `/restructured/csv.php` file until the project provides an official fix from its repository. Note that the repository has not been active for many years.
Technical Description
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. It affects unspecified code in the file `/restructured/csv.php`. Manipulating the `photo` argument results in OS command injection. The attack can be executed remotely. The product uses a rolling release model for ongoing delivery, so version information for affected or updated releases is unavailable. The project's code repository has not been active for many years.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-78, CWE-77