PT-2013-4441 · Groundwork · Groundwork Monitor Enterprise
Published: 2013-05-08 · Updated: 2013-05-08
CVE-2013-3506
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
GroundWork Monitor Enterprise version 6.7.0
Description
The issue is related to the improper restriction of XML content in the Performance component of GroundWork Monitor Enterprise. This allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality.
Recommendations
For GroundWork Monitor Enterprise version 6.7.0, consider restricting access to the vulnerable cgi-bin/performance/perfchart.cgi endpoint until a patch is available. As a temporary workaround, disabling Server Side Includes (SSI) functionality may help minimize the risk of exploitation.
Affected Products
Groundwork Monitor Enterprise