Command injection

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this...

Path traversal

A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths,...

CVE-2023-31449

A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to...

CVE-2023-32781

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this...

CVE-2023-32781

CVE-2023-32781 affects Paessler PRTG Network Monitor, specifically the HL7 sensor in versions 23.2.84.1566 and earlier. Affects an authenticated user with write permissions who can abuse the sensor’s debug option to write new files, potentially enabling execution by the EXE/Script sensor and resu...

CVE-2023-31450

A path traversal vulnerability was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the SQL v2 sensors into behaving differently for existing files and non-existing files. This made it possible to traverse...

Paessler PRTG Network Monitor Path Traversal Vulnerability

Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. A path traversal vulnerability exists in Paessler PRTG Network Monitor version 23.2.83.1760, which stems from the creation of an HL7 sensor that allows the user to set the HL7 messa...

Paessler PRTG Network Monitor Command Injection Vulnerability

Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. Paessler PRTG Network Monitor version 23.2.83.1760 suffers from a command injection vulnerability that originates from an injectable command-line parameter, which can be exploited t...

CVE-2023-31448

CVE-2023-31448 affects Paessler PRTG Network Monitor: the HL7 sensor in version 23.2.84.1566 and earlier allows an authenticated user with write privileges to manipulate HL7 input and cause path traversal, enabling execution of files outside the designated custom sensors folder. This results in p...

Paessler PRTG Network Monitor Command Injection Vulnerability

Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. A command injection vulnerability exists in Paessler PRTG Network Monitor version 23.2.83.1760, which stems from command line parameter injection and undocumented debug feature flag...

PT-2023-23336 · Prtg · Prtg

Name of the Vulnerable Software and Affected Versions: PRTG versions 23.2.84.1566 and earlier Description: A path traversal vulnerability was identified in the SQL v2 sensors where an authenticated user with write permissions could trick the sensors into behaving differently for existing and...

Paessler PRTG Network Monitor Cross-Site Request Forgery Vulnerability

Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. A cross-site request forgery vulnerability exists in Paessler PRTG Network Monitor version 23.2.83.1760, which stems from NetApp Volume Sensor transmitting plaintext credentials ove...

PT-2023-24015 · Paessler · Prtg

Name of the Vulnerable Software and Affected Versions: PRTG versions 23.2.84.1566 and earlier Description: A command injection issue was identified in the HL7 sensor of PRTG, where an authenticated user with write permissions could abuse the debug option to write new files that could potentially...

PT-2023-23333 · Prtg · Prtg

Name of the Vulnerable Software and Affected Versions: PRTG versions 23.2.84.1566 and earlier Description: A path traversal vulnerability was identified in the HL7 sensor where an authenticated user with write permissions could trick the sensor into behaving differently for existing files and...

PT-2023-24016 · Prtg · Prtg

Name of the Vulnerable Software and Affected Versions: PRTG versions 23.2.84.1566 and earlier Description: A command injection issue was identified in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially...

PT-2023-23334 · Prtg · Prtg

Name of the Vulnerable Software and Affected Versions: PRTG versions 23.2.84.1566 and earlier Description: A path traversal vulnerability was identified in the WMI Custom sensor where an authenticated user with write permissions could trick the sensor into behaving differently for existing files...

CVE-2023-31449

The CVE-2023-31449 entry describes a path traversal in Paessler PRTG Network Monitor’s WMI Custom sensor (versions 23.2.84.1566 and earlier). An authenticated user with write permissions could exploit the WMI Custom sensor to behave differently for existing vs non-existing files, enabling path tr...

CVE-2023-31448

A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths,...

CVE-2023-31449

A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to...

CVE-2023-32782

A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerabili...