PT-2013-4445 · Groundwork · Groundwork Monitor Enterprise
Published: 2013-05-08 · Updated: 2013-05-08 · CVE-2013-3510
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
GroundWork Monitor Enterprise version 6.7.0
Description
Multiple SQL injection vulnerabilities allow remote authenticated users to execute arbitrary SQL commands. The affected API endpoints include "nedi/html/System-Export.php", "nedi/html/Devices-List.php", and the "Noma" component.
Recommendations
For GroundWork Monitor Enterprise version 6.7.0, update to a version that includes a fix for the SQL injection vulnerabilities. As a temporary workaround, consider restricting access to the affected endpoints "nedi/html/System-Export.php" and "nedi/html/Devices-List.php", as well as the "Noma" component, to minimize the risk of exploitation.
Fix
SQL injection
Affected Products
Groundwork Monitor Enterprise