Web Check Command Injection Vulnerability in Screenshot API Allowing Remote Code Execution
Vulnerability
A command injection vulnerability has been identified in the screenshot API of the Web Check project (Lissy93/web-check) in versions prior to 2.0.0. The vulnerability arises from user-controlled input being passed unsanitized into a shell command via exec(), which allows attackers to execute arbitrary system commands on the host. Exploitation could involve sending crafted URL parameters to extract files or establish remote access.
Impact
Exploitation of this vulnerability allows for remote code execution on the server where Web Check is running.
Remediation
Users can update to version 2.0.1 or apply the specific commit that addresses this vulnerability by replacing exec() with execFile(). execFile() spawns the program directly with an array of arguments instead of handing a command string to a shell, so user input is never subject to shell interpolation or interpreted as additional commands.