CVE-2013-3509

html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in the System / NeDi menu.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gwos:groundwork_monitor:6.7.0:-:enterprise:*:*:*:*:*

History

21 Nov 2024, 01:53

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/345260 - US Government Resource () http://www.kb.cert.org/vuls/id/345260 - US Government Resource
References () https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls - () https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls -
References () https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt - () https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt -

Information

Published : 2013-05-08 12:09

Updated : 2024-11-21 01:53


NVD link : CVE-2013-3509

Mitre link : CVE-2013-3509

CVE.ORG link : CVE-2013-3509


JSON object : View

Products Affected

gwos

  • groundwork_monitor
CWE
CWE-264

Permissions, Privileges, and Access Controls