CVE Vulnerabilities

CVE-2013-3506

Published: May 08, 2013 | Modified: May 08, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality.

Affected Software

Name Vendor Start Version End Version
Groundwork_monitor Gwos 6.7.0 6.7.0

References