Description
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be executed remotely. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The code repository of the project has not been active for many years.
Published: 2026-02-08
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution
Action: Patch
AI Analysis

Impact

A recent analysis uncovered an OS command injection vulnerability in the Great Developers Certificate Generation System, specifically in the /restructured/csv.php file. The flaw arises when the 'photo' argument is manipulated, allowing an attacker to inject and execute arbitrary operating‑system commands on the host running the application. This type of weakness permits complete compromise of the system, giving the attacker full control over confidentiality, integrity, and availability.

Affected Systems

The affected product is the Great Developers Certificate Generation System, from the vendor Great Developers. The vulnerable code path is the /restructured/csv.php file, and all versions up to commit 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73 are potentially affected. The product uses a rolling release model, and the code repository has not been maintained for several years, so updated or patched releases are currently unavailable.

Risk and Exploitability

The CVSS base score of 6.9 indicates a medium severity vulnerability, but the associated EPSS score of less than 1% shows a very low probability of exploitation in the wild. The attack vector is remote, requiring only that a request be submitted to the vulnerable endpoint. While the vulnerability is not listed in the CISA KEV catalog, the lack of an official fix and the uncertainty over ongoing maintenance elevate the risk, necessitating immediate mitigation actions.

Generated by OpenCVE AI on April 17, 2026 at 21:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict external access to or disable the /restructured/csv.php endpoint.
  • Implement input validation or sanitization for the 'photo' parameter, rejecting or escaping unsafe characters.
  • Upgrade to a newer, actively maintained certificate generation solution or apply a patch once available.


Advisories

No advisories yet.

History

Tue, 24 Feb 2026 14:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Greatdevelopers; Greatdevelopers certificate |
| CPEs | | cpe:2.3:a:greatdevelopers:certificate:*:*:*:*:*:*:*:* |
| Vendors & Products | | Greatdevelopers; Greatdevelopers certificate |

Mon, 09 Feb 2026 22:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 09 Feb 2026 11:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Great Developers; Great Developers certificate Generation System |
| Vendors & Products | | Great Developers; Great Developers certificate Generation System |

Sun, 08 Feb 2026 21:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be executed remotely. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The code repository of the project has not been active for many years. |
| Title | | Great Developers Certificate Generation System csv.php os command injection |
| Weaknesses | | CWE-77; CWE-78 |
| References | | |
| Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR'}; cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}; cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}; cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:49:08.495Z

Reserved: 2026-02-07T15:27:51.484Z

Link: CVE-2026-2184

Vulnrichment

Updated: 2026-02-09T21:07:26.041Z

NVD

Status: Analyzed

Published: 2026-02-08T21:15:47.140

Modified: 2026-02-24T14:41:22.790

Link: CVE-2026-2184

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T21:45:28Z

Weaknesses