4 matches found
CVE-2013-7070
CVE-2013-7070 affects Monitorix prior to version 3.3.1. The handle_request function in lib/HTTPServer.pm allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. Documented impact is remote code execution with high confidentiality, integrity, and availability imp...
CVE-2021-3325
Monitorix 3.13.0 is vulnerable to bypassing Basic Authentication in default installations lacking hosts_deny configuration due to a newly introduced access-control feature not accounting for existing setups. This is evidenced across multiple sources (NVD/NV OSV/ Fedora advisories) and is addresse...
CVE-2013-7071
CVE-2013-7071 affects Monitorix prior to 3.4.0. The vulnerability is a Cross-site Scripting (XSS) in the handle_request function of lib/HTTPServer.pm, exploitable via PATH_INFO to inject arbitrary web scripts or HTML. Remediation in the connected data shows Fedora/monitorix updates (e.g., monitor...
CVE-2018-7649
CVE-2018-7649 affects Monitorix prior to 3.10.1 and enables cross-site scripting via CGI variables. The vulnerability allows an attacker to inject arbitrary web script or HTML in the affected web interface. The public documents consistently describe the issue as an XSS in Monitorix before version...