Webgrind · Webgrind · CVE-2012-1790
**Name of the Vulnerable Software and Affected Versions**
Webgrind versions 1.0 through 1.0.2
**Description**
The issue allows remote attackers to read arbitrary files by providing a full pathname in the `file` parameter to the "index.php" endpoint.
**Recommendations**
For Webgrind versions 1.0 through 1.0.2, consider restricting access to the `file` parameter in the "index.php" endpoint until a patch is available.