CVE-2026-2183
Unrestricted File Upload in Great Developers Certificate System
Publication date: 2026-02-08
Last updated on: 2026-02-24
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| greatdevelopers | certificate | up to and including 2017-10-16 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2183 is an Arbitrary File Upload vulnerability in the Great Developers Certificate Generation System. It occurs in the CSV upload functionality where the system only checks the file extension but does not properly sanitize the filename or validate the MIME type and content. Attackers can upload malicious files by crafting filenames like "payload.csv.php" which bypass validation. These files are stored in a web-accessible directory, potentially allowing remote attackers to execute malicious scripts on the server. [1, 3]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized remote code execution by allowing attackers to upload and execute malicious files on the server. It impacts the confidentiality, integrity, and availability of the affected system. Exploitation can result in system compromise, data breaches, or service disruption.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of the vulnerable file upload functionality in the Great Developers Certificate Generation System, specifically the file /restructured/csv.php.
One suggested method is to use Google dorking with the query inurl:restructured/csv.php to find potentially vulnerable targets.
On your system or network, you can check for the existence of the vulnerable file and test the upload functionality by attempting to upload files with crafted filenames such as "payload.csv.php" to see if the system improperly accepts and stores them.
Commands to find the file on a Unix-like system could include:
- `find / -type f -name csv.php 2>/dev/null`
- `grep -r 'upload' /path/to/application`
To detect suspicious uploaded files, you can list files in the upload directory and look for files with double extensions or unexpected extensions, for example:
- `ls -l /path/to/upload/directory | grep -F ".csv.php"`
[3, 1]
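
The upload-directory check above only matches the literal name ".csv.php". The following added example (not code from the advisory or from the product) generalizes it to any script extension anywhere in the name, any non-CSV file, and PHP tags inside files named .csv. The function name `audit_uploads` and the extension list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Audit a directory that should contain only uploaded CSV files.
# Illustrative extension list (assumption): names a PHP-capable web server
# may pass to an interpreter. Matched anywhere in the name, because some
# Apache mod_mime setups act on every extension, not only the last one.
SCRIPT_EXT_RE='\.(php[0-9]?|phtml|phar|pht|cgi|pl|py|sh)(\.|$)'

# audit_uploads DIR
# Prints one "REASON<TAB>PATH" line per suspicious file.
# Returns 0 when the directory is clean, 1 when anything was reported.
audit_uploads() {
    report=$(find "$1" -type f -exec sh -c '
        re=$1; shift
        for f in "$@"; do
            # Compare case-insensitively: payload.CSV.PHP must not slip by.
            name=$(printf "%s" "${f##*/}" | tr "[:upper:]" "[:lower:]")
            if printf "%s" "$name" | grep -Eq "$re"; then
                printf "script-extension\t%s\n" "$f"
            elif [ "${name%.csv}" = "$name" ]; then
                # Anything that is not *.csv has no business here.
                printf "not-csv\t%s\n" "$f"
            elif LC_ALL=C grep -qiE "<\?(php|=)" -- "$f"; then
                # Correct extension, but the content carries a PHP open tag.
                printf "php-tag-in-content\t%s\n" "$f"
            fi
        done
    ' sh "$SCRIPT_EXT_RE" {} +)
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}
```

Call it as `audit_uploads /path/to/upload/directory`; the non-zero return status makes it usable from cron or a monitoring check.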
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting the file upload functionality in the Great Developers Certificate Generation System, especially the CSV upload feature.
If disabling is not possible, implement strict validation on uploaded files by checking MIME types, enforcing file size limits, and sanitizing filenames to prevent dangerous extensions or double extensions.
Ensure that uploaded files are stored outside of web-accessible directories or configure the web server to prevent execution of uploaded files.
Since the product's code repository has been inactive for many years and no official patches or mitigations are available, it is recommended to replace the affected product with an alternative solution. [3, 1]