Full title: GroundWork Monitor Enterprise 6.7.0 SQL Injection / Command Execution 
Category: web applications
Platform: php
GroundWork Monitor Enterprise version 6.7.0 suffers from remote SQL injection, file disclosure, command injection, and cross site scripting vulnerabilities. This is the second of two advisories documenting all the issues in GroundWork. Detailed proof of concepts were removed by the author because GroundWork is refusing to fix the underlying security issues.

# 0day.today @ http://0day.today/