Javier Jimenez

**Name of the Vulnerable Software and Affected Versions** PRTG Network Monitor versions 19.1.49 and below **Description** A Write to Arbitrary Location in Disk issue exists due to insufficient sanitisation when passing arguments to the `phantomjs.exe` binary, allowing attackers to place files in arbitrary locations with SYSTEM privileges. Remote authenticated administrators can exploit this by creating a new HTTP Full Web Page Sensor and setting specific settings when executing the sensor. **Recommendations** For versions 19.1.49 and below, update to a version above 19.1.49 to resolve the issue. As a temporary workaround, consider restricting access to the `phantomjs.exe` binary and the HTTP Full Web Page Sensor to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PRTG Network Monitor versions prior to 19.4.54.1506 **Description** A Remote Code Execution issue exists due to insufficient sanitization when passing arguments to the `HttpTransactionSensor.exe` binary. This allows attackers to execute code. To exploit the issue, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed. **Recommendations** For versions prior to 19.4.54.1506, update to version 19.4.54.1506 or later to resolve the issue. As a temporary workaround, consider restricting access to the `HttpTransactionSensor.exe` binary until a patch is applied. Additionally, limit the creation of new HTTP Transaction Sensors to minimize the risk of exploitation.