CVE-2013-3508

Опубликовано: 08 мая 2013

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing.

Ссылки

http://www.kb.cert.org/vuls/id/345260
US Government Resource
https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt
http://www.kb.cert.org/vuls/id/345260
US Government Resource
https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gwos:groundwork_monitor:6.7.0:-:enterprise:*:*:*:*:*

EPSS

Процентиль: 67%

0.00557

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-23c5-w3px-wx59

github

около 3 лет назад