ID | CVE-2012-10048 | ||||||
Sažetak | Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary commands on the server as the zenoss user. | ||||||
Reference |
|
||||||
CVSS |
|
||||||
Pristup |
|
||||||
Impact |
|
||||||
CVSS vektor | None | ||||||
Zadnje važnije ažuriranje | 08-08-2025 - 20:30 | ||||||
Objavljeno | 08-08-2025 - 19:15 |