CVE-2012-10048 in Zenossinfo

Zusammenfassung

von MITRE • 08.08.2025

Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary commands on the server as the zenoss user.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

08.08.2025

Veröffentlichung

08.08.2025

Moderieren

akzeptiert

Eintrag

VDB-319291

CPE

bereit

CWE

CWE-22 (bestätigt)

Exploit

Download

CVSS

6.3 (VulDB)

EPSS

0.71950

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-10048
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-10048
CVE Details	https://www.cvedetails.com/cve/CVE-2012-10048/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!