GroundWork monarch_scan.cgi OS Command Injection (CVE-2013-3502)

A vulnerability exists in GroundWork 6.7.0. The vulnerability exists in the monarch_scan.cgi where user controlled input is used in a perl function. This allows any remote authenticated attacker, regardless of privileges, to inject system commands and gain arbitrary code execution.

Leave a Reply