CVE-2012-3448

Published: 06/08/2012 Updated: 04/08/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Unspecified vulnerability in Ganglia Web prior to 3.5.1 allows remote malicious users to execute arbitrary PHP code via unknown attack vectors.

Vulnerable Product

ganglia ganglia-web 3.3.1

ganglia ganglia-web 3.3.0

ganglia ganglia-web 2.1.2

ganglia ganglia-web 2.1.1

ganglia ganglia-web

ganglia ganglia-web 2.1.7

ganglia ganglia-web 2.1.6

ganglia ganglia-web 3.4.2

ganglia ganglia-web 3.4.1

ganglia ganglia-web 2.1.5

ganglia ganglia-web 2.1.3

ganglia ganglia-web 2.2.0

ganglia ganglia-web 2.1.8

ganglia ganglia-web 2.1.0

Vendor Advisories

Debian Bug report logs - #683584 ganglia: [Debian RT] CVE-2012-3448: arbitrary script execution Package: ganglia; Maintainer for ganglia is Debian Monitoring Maintainers <pkg-monitoring-maintainers@lists.alioth.debian.org>; Reported by: Yves-Alexis Perez <corsac@debian.org> Date: Thu, 2 Aug 2012 05:33:02 UTC Severit ...
Insufficient input sanitization in Ganglia, a web based monitoring system, could lead to remote PHP script execution with permissions of the user running the web server. For the stable distribution (squeeze), this problem has been fixed in version 3.1.7-1+squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 3.3.8- ...

Exploits

<?php
/*
#
# Author  : Andrei Costin (andrei theATsign firmware theDOTsign re)
# Desc    : CVE-2012-3448 PoC
# Details : This PoC will create a dummy file in the /tmp folder and
#           will copy /etc/passwd to /tmp
#           To modify the attack ...

Ganglia Web Frontend versions prior to 3.5.1 suffer from a PHP code execution vulnerability ...