CVE-2026-10273 | php-censor up to 2.1.6 Webhook Endpoint GitBuild.php commitId os command injection (Issue 442)

Inserito da Angelo Barbosa | Mag 31, 2026 | CVE

A vulnerability identified as critical has been detected in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection.

This vulnerability is identified as CVE-2026-10273. The attack can be initiated remotely. Additionally, an exploit exists.

It is recommended to apply a patch to fix this issue.

CVE-2026-10273 | php-censor up to 2.1.6 Webhook Endpoint GitBuild.php commitId os command injection (Issue 442)

Post correlati

CVE-2025-11330 | PHPGurukul Beauty Parlour Management System 1.1 sales-reports-detail.php fromdate/todate sql injection

CVE-2024-3692 | Gutenverse Plugin up to 1.9.0 on WordPress htmlTag cross site scripting

CVE-2024-35982 | Linux Kernel up to 6.8.6 batman-adv infinite loop

CVE-2024-39674 | Huawei HarmonyOS/EMUI Gallery Search Module cleartext storage