RCE in Gwos Groundwork_monitor

CVE-2013-3508

html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.020 (77.7th percentile) — read the EPSS interpretation.

Affected products

Gwos Groundwork_monitor — versions 6.7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
VU#345260 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)