Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GroundWork Monitor Enterprise cgi-bin/performance/perfchart.cgi 权限许可和访问控制漏洞
Vulnerability Description
GroundWork Monitor Enterprise是美国GroundWork公司的一款开放的、功能全面的监控平台。 GroundWork Monitor Enterprise 6.7.0版本中的Performance组件中的cgi-bin/performance/perfchart.cgi中存在漏洞,该漏洞源于程序未正确限制XML内容。远程攻击者可通过创建‘.shtml’文件并利用Server Side Includes (SSI)功能利用该漏洞执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A