CVE-2026-2184
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be executed remotely. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The code repository of the project has not been active for many years.
Analysis
OS command injection in Great Developers Certificate Generation System's CSV processing functionality allows unauthenticated remote attackers to execute arbitrary system commands through the photo parameter in /restructured/csv.php. Public exploit code exists for this vulnerability, and no patch is currently available, affecting systems using the abandoned project with a rolling release model.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running Great Developers Certificate Generation System and assess exposure; implement network-level access controls to restrict traffic to /restructured/csv.php. Within 7 days: Deploy WAF rules to block malicious payloads targeting the CSV endpoint; disable CSV functionality if operationally feasible; escalate with vendor for emergency patch timeline. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today