CVE-2012-10048

NONE
CVSS v3
CVSS v2
71.95% EPSS (exploit probability)
CWE: CWE-22

Description

Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitization, allowing authenticated users to execute arbitrary commands on the server as the zenoss user.

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references