CVE-2012-10048

High CVSS 8.7

Overview

Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary commands on the server as the zenoss user.

CWE: CWE-22 Published: 2025-08-08T19:15:34.890

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.7 (HIGH)
Detected tags: command_injection (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags