benbusby whoogle-search
cpe:2.3:a:benbusby:whoogle_search:*:*:*:*:*:*:*
- 0.9.0
A remote code execution vulnerability exists in Whoogle Search version 0.9.0. The issue arises in the config.py model, where insecure deserialization of data allows attackers to execute arbitrary code by sending a crafted search query. This vulnerability has been patched in version 0.9.3.
Exploitation of this vulnerability allows for arbitrary code execution on the server where Whoogle Search is running.
To reproduce this vulnerability, send a search query that includes a payload designed to exploit the insecure deserialization. The payload should be crafted to execute arbitrary code when the application processes the query. This can be done by encoding the payload in a way that bypasses any input validation or sanitization.
Users are advised to update Whoogle Search to version 0.9.3 or later, where this vulnerability has been fixed.
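The class of defect described above is closed by parsing client-supplied settings with a data-only format and an allowlist, so that decoding can never construct objects or run code. The following is an added example of that pattern, not Whoogle's code and not taken from the 0.9.3 patch. Assumptions: the function names, the base64-JSON token format and the schema keys are hypothetical.

```python
import base64
import binascii
import json

MAX_TOKEN_LEN = 2048  # assumed cap; bounds the work done on untrusted input

# Hypothetical settings schema (not Whoogle's real keys): key -> (type, check)
SCHEMA = {
    "theme": (str, lambda v: v in {"light", "dark", "system"}),
    "safe_search": (bool, lambda v: True),
    "results_per_page": (int, lambda v: 1 <= v <= 100),
}


class InvalidPreferences(ValueError):
    """Raised for any token that is not a well-formed settings object."""


def encode_preferences(prefs):
    """Serialize settings to URL-safe base64 JSON (data only, no object state)."""
    raw = json.dumps(prefs, separators=(",", ":")).encode("utf-8")
    return base64.urlsafe_b64encode(raw).decode("ascii")


def decode_preferences(token):
    """Parse an untrusted token; return only allowlisted, type-checked keys."""
    if not isinstance(token, str) or len(token) > MAX_TOKEN_LEN:
        raise InvalidPreferences("token missing or too long")
    try:
        raw = base64.urlsafe_b64decode(token.encode("ascii"))
        # json.loads yields only dict/list/str/int/float/bool/None values
        data = json.loads(raw.decode("utf-8"))
    except (binascii.Error, UnicodeError, ValueError, RecursionError) as exc:
        raise InvalidPreferences("token is not base64-encoded JSON") from exc
    if not isinstance(data, dict):
        raise InvalidPreferences("top-level value must be an object")
    clean = {}
    for key, value in data.items():
        if key not in SCHEMA:
            raise InvalidPreferences(f"unknown key: {key!r}")
        expected, check = SCHEMA[key]
        # type() rather than isinstance(): bool is a subclass of int in Python
        if type(value) is not expected or not check(value):
            raise InvalidPreferences(f"bad value for {key!r}")
        clean[key] = value
    return clean
```

Every failure path raises the same exception type, so a caller can fall back to default settings and log the rejected request for review.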