Description
A security vulnerability has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part of the file /restructured/csv.php. The manipulation leads to unrestricted upload. Remote exploitation of the attack is possible. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The code repository of the project has not been active for many years.
Published: 2026-02-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The Exploit in the Certificate Generation System allows attackers to upload arbitrary files through the /restructured/csv.php endpoint without any validation. This lack of type or permission checks can lead to execution of malicious scripts on the server, effectively granting remote code execution. The flaw is identified by CWE‑284 for missing authorization and CWE‑434 for unrestricted file upload.

Affected Systems

This vulnerability affects all releases of Great Developers Certificate Generation System up to the commit 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. Because the project uses a rolling release model and the repository has been inactive, specific downstream versions that may still be in use are not documented. Operators should assume any version that includes the /restructured/csv.php functionality without recent fixes is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates medium severity, while the EPSS score of less than 1% points to a low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalogue. Attackers can exploit the flaw remotely by accessing the certificate upload page, uploading a crafted file, and triggering its execution. Mitigation is straightforward when the server is properly configured; without it, the vulnerability could be a stepping stone into the host system.

Generated by OpenCVE AI on April 17, 2026 at 21:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the latest version of Great Developers Certificate Generation System that removes the unrestricted upload from /restructured/csv.php, or apply any fix the vendor issues.
  • Configure the upload endpoint to enforce strict file type validation, accepting only CSV files, and verify MIME types and extensions on the server side.
  • Restrict upload access to authenticated and authorized users, ensuring that only privileged accounts can perform uploads (CWE‑284 mitigation).
  • Employ a web application firewall or intrusion detection system to block malicious payloads on the upload interface.
  • Monitor web logs for unusual upload activity and investigate anomalous file creations.

Generated by OpenCVE AI on April 17, 2026 at 21:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Greatdevelopers
Greatdevelopers certificate
CPEs cpe:2.3:a:greatdevelopers:certificate:*:*:*:*:*:*:*:*
Vendors & Products Greatdevelopers
Greatdevelopers certificate

Mon, 09 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Great Developers
Great Developers certificate Generation System
Vendors & Products Great Developers
Great Developers certificate Generation System

Sun, 08 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part of the file /restructured/csv.php. The manipulation leads to unrestricted upload. Remote exploitation of the attack is possible. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The code repository of the project has not been active for many years.
Title Great Developers Certificate Generation System csv.php unrestricted upload
Weaknesses CWE-284
CWE-434
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}

Subscriptions

Great Developers Certificate Generation System
Greatdevelopers Certificate
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:48:54.629Z

Reserved: 2026-02-07T15:27:43.289Z

Link: CVE-2026-2183

cve-icon Vulnrichment

Updated: 2026-02-09T21:06:42.629Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-08T20:15:51.573

Modified: 2026-02-24T14:45:10.347

Link: CVE-2026-2183

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T21:45:28Z

Weaknesses