4 matches found
GroundWork monarch_scan.cgi OS Command Injection (CVE-2013-3502)
A vulnerability exists in GroundWork 6.7.0. The vulnerability exists in the monarchscan.cgi where user controlled input is used in a perl function. This allows any remote authenticated attacker, regardless of privileges, to inject system commands and gain arbitrary code execution...
CVE-2013-3502
GroundWork Monitor Enterprise 6.7.0 is affected by CVE-2013-3502 via monarch_scan.cgi. The root cause is untrusted user input used in a Perl function (qx), enabling remote authenticated attackers to inject commands and achieve arbitrary code execution and potential data exposure. A Metasploit mod...
CVE-2013-3502
monarchscan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by leveraging a JOSSO SSO cookie...
CVE-2013-3502
creationtimestamp| type| source ---|---|--- 2013-04-25 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/25001 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/groundworkmonarchcmdexec.rb 2025-02-06 03:13:41+00:00...