On 10/08/2010 09:21 AM, John Coleman wrote:
On 10/07/2010 02:13 AM, aero wrote:
Hello,
My company's security team found a security flaws in opsview. even for 3.9.0
Someone can execute shell command via URL( ex.
http://opsviewurl/cgi-nmis/admin.pl?admin=ping&node=10.10.10.10
<http://opsviewurl/cgi-nmis/admin.pl?admin=ping&node=10.10.10.10> | ls -l )
Please fix it.
Thank you.
Granted, that this should not happen, but this would only seem to work
if the person executing this has authenticated in opsview correct?
_______________________________________________
Opsview-users mailing list
[email protected]
http://lists.opsview.org/lists/listinfo/opsview-users
