CVE-2013-3509

2013-05-0810:00:00

mitre

www.cve.org

vulnerability

groundwork monitor enterprise

remote authenticated users

arbitrary commands

AI Score

7.2

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in the System / NeDi menu.

References

www.kb.cert.org/vuls/id/345260

kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt