cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote malicious users to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gwos groundwork monitor 6.7.0 |