CVE-2026-10273: OS Command Injection in php-censor
A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named cd68d102601320bd319d590b75f7652e66f0685f. It is recommended to apply a patch to fix this issue.
AI Analysis
Technical Summary
This vulnerability in php-censor (up to version 2.1.6) allows an attacker to perform OS command injection via the commitId argument in the Webhook Endpoint component (src/Model/Build/GitBuild.php). The flaw enables remote attackers to execute arbitrary OS commands on the affected system without requiring privileges or user interaction. The vulnerability has a CVSS 4.0 base score of 6.9, indicating medium severity. A patch has been released (commit cd68d102601320bd319d590b75f7652e66f0685f) to remediate this issue.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary operating system commands on the server running php-censor, potentially leading to system compromise or unauthorized actions. The vulnerability does not require authentication or user interaction, increasing the risk of exploitation. However, no known exploits in the wild have been reported at this time.
Mitigation Recommendations
A patch is available to fix this vulnerability, identified by commit cd68d102601320bd319d590b75f7652e66f0685f. It is strongly recommended to apply this patch promptly to remediate the issue. Since the product is not a cloud service, remediation depends on the user applying the patch. No vendor advisory content is provided to indicate alternative mitigations or that no action is required.
CVE-2026-10273: OS Command Injection in php-censor
Description
A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named cd68d102601320bd319d590b75f7652e66f0685f. It is recommended to apply a patch to fix this issue.
CVSS v4.0
Score 6.9medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in php-censor (up to version 2.1.6) allows an attacker to perform OS command injection via the commitId argument in the Webhook Endpoint component (src/Model/Build/GitBuild.php). The flaw enables remote attackers to execute arbitrary OS commands on the affected system without requiring privileges or user interaction. The vulnerability has a CVSS 4.0 base score of 6.9, indicating medium severity. A patch has been released (commit cd68d102601320bd319d590b75f7652e66f0685f) to remediate this issue.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary operating system commands on the server running php-censor, potentially leading to system compromise or unauthorized actions. The vulnerability does not require authentication or user interaction, increasing the risk of exploitation. However, no known exploits in the wild have been reported at this time.
Mitigation Recommendations
A patch is available to fix this vulnerability, identified by commit cd68d102601320bd319d590b75f7652e66f0685f. It is strongly recommended to apply this patch promptly to remediate the issue. Since the product is not a cloud service, remediation depends on the user applying the patch. No vendor advisory content is provided to indicate alternative mitigations or that no action is required.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-31T14:18:58.741Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1dbb9de29bf47b501c5689
Added to database: 6/1/2026, 5:04:29 PM
Last enriched: 6/1/2026, 5:34:18 PM
Last updated: 6/2/2026, 4:58:10 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.