CVE-2012-2104
Munin 2.x - Remote Code Execution via Terminal Emulator Escape Sequence Injection
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-2104. PoCs published by Helmut Grohne.
AI-analyzed exploit summary This exploit leverages a command injection vulnerability in Munin's CGI graph component by injecting newline characters into the URL path, allowing arbitrary command execution. The PoC sends a crafted HTTP GET request to trigger the vulnerability.
Description
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.
Exploits (1)
This exploit leverages a command injection vulnerability in Munin's CGI graph component by injecting newline characters into the URL path, allowing arbitrary command execution. The PoC sends a crafted HTTP GET request to trigger the vulnerability.