CVE-2012-3448

Published: 06/08/2012 | Updated: 04/08/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Unspecified vulnerability in Ganglia Web prior to 3.5.1 allows remote malicious users to execute arbitrary PHP code via unknown attack vectors.

Affected Products

Vendor | Product | Versions
Ganglia | Ganglia-web | 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.2.0, 3.3.0, 3.3.1, 3.4.1, 3.4.2, 3.5.0

Vendor Advisories

Insufficient input sanitization in Ganglia, a web based monitoring system, could lead to remote PHP script execution with permissions of the user running the web server. For the stable distribution (squeeze), this problem has been fixed in version 317-1+squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 338- ...

Debian Bug report logs - #683584 ganglia: [Debian RT] CVE-2012-3448: arbitrary script execution. Package: ganglia; Maintainer for ganglia is Debian Monitoring Maintainers <pkg-monitoring-maintainers@lists.alioth.debian.org>; Reported by: Yves-Alexis Perez <corsac@debian.org>; Date: Thu, 2 Aug 2012 05:33:02 UTC; Severit ...

Exploits

<?php /* ################################################################################ # # Author : Andrei Costin (andrei theATsign firmware theDOTsign re) # Desc : CVE-2012-3448 PoC # Details : This PoC will create a dummy file in the /tmp folder and # will copy /etc/passwd to /tmp # To modify the attack ...

Mailing Lists

Ganglia Web Frontend versions prior to 3.5.1 suffer from a PHP code execution vulnerability ...