Arbitrary Command Execution via Unrestricted XML Content in GroundWork Monitor Enterprise 6.7.0

Arbitrary Command Execution via Unrestricted XML Content in GroundWork Monitor Enterprise 6.7.0

CVE-2013-3506 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality.

Learn more about our Cis Benchmark Audit For Server Software.