SQL Injection in Gwos Groundwork_monitor

CVE-2013-3510

Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component.

Vulnerability class: SQL Injection

EPSS: 0.013 (65.9th percentile) — read the EPSS interpretation.

Affected products

Gwos Groundwork_monitor — versions 6.7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
VU#345260 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)