CVE-2013-3508
GroundWork Monitor Enterprise 6.7.0 - Authenticated Remote Code Execution via System File Overview File Editing
Title source: llmDescription
html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls
Various Sources x_refsource_misc
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/345260
Scores
EPSS
0.0197
EPSS Percentile
78.0%
Details
CWE
CWE-94
Status
published
Products (1)
gwos/groundwork_monitor
6.7.0
Published
May 08, 2013
Tracked Since
Feb 18, 2026