CVE-2013-3508

2013-05-0810:00:00

mitre

www.cve.org

cve-2013-3508

system file overview

nedi component

groundwork monitor enterprise

remote authenticated users

arbitrary commands

file editing

AI Score

7.1

Confidence

Low

EPSS

0.003

Percentile

68.8%

JSON

html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing.

References

www.kb.cert.org/vuls/id/345260

kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt