Vulnerabilities > Paessler > Prtg Network Monitor > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-08-09 | CVE-2023-31452 | Cross-Site Request Forgery (CSRF) vulnerability in Paessler Prtg Network Monitor | A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. | 8.8 |
2023-08-09 | CVE-2023-32781 | Command Injection vulnerability in Paessler Prtg Network Monitor | A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. | 7.2 |
2023-08-09 | CVE-2023-32782 | Command Injection vulnerability in Paessler Prtg Network Monitor | A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. | 7.2 |
2020-03-17 | CVE-2019-11074 | Unrestricted Upload of File with Dangerous Type vulnerability in Paessler Prtg Network Monitor | A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. | 7.2 |
2020-03-16 | CVE-2019-11073 | Injection vulnerability in Paessler Prtg Network Monitor | A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. | 7.2 |
2018-11-21 | CVE-2018-19411 | Improper Privilege Management vulnerability in Paessler Prtg Network Monitor | PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights. | 8.8 |
2018-11-12 | CVE-2018-19204 | Improper Input Validation vulnerability in Paessler Prtg Network Monitor | PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. | 8.8 |
2018-11-12 | CVE-2018-19203 | Unspecified vulnerability in Paessler Prtg Network Monitor | PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request. | 7.5 |
2018-07-02 | CVE-2018-9276 | OS Command Injection vulnerability in Paessler Prtg Network Monitor | An issue was discovered in PRTG Network Monitor before 18.2.39. | 7.2 |
2018-04-21 | CVE-2018-10253 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Paessler Prtg Network Monitor | Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls. | 7.5 |