cbcvebase.
CVE-2012-2104
published 2012-08-26

CVE-2012-2104: cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to…

PriorityP342medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
5.08%
91.3th percentile
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.

Affected

10 ranges
VendorProductVersion rangeFixed in
citrixcitrix_sd-wan
citrixsd-wan
citrixxenserver
debianmunin< munin 2.0~rc6-1 (bookworm)munin 2.0~rc6-1 (bookworm)
munin-monitoringmunin
munin-monitoringmunin
munin-monitoringmunin>= 0 < 2.0~rc6-12.0~rc6-1
munin-monitoringmunin>= 0 < 2.0~rc6-12.0~rc6-1
munin-monitoringmunin>= 0 < 2.0~rc6-12.0~rc6-1
munin-monitoringmunin>= 0 < 2.0~rc6-12.0~rc6-1

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.