CVE-2013-3504
GroundWork Monitor Enterprise 6.7.0 - Authenticated Path Traversal and Arbitrary File Write via MONARCH monarch.cgi
Title source: llmDescription
Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite arbitrary files by leveraging access to the nagios account.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls
Various Sources x_refsource_misc
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/345260
Scores
EPSS
0.0185
EPSS Percentile
76.5%
Details
CWE
CWE-22
Status
published
Products (1)
gwos/groundwork_monitor
6.7.0
Published
May 08, 2013
Tracked Since
Feb 18, 2026