GroundWork monarch_scan.cgi Remote Code Execution Exploit

This module exploits a vulnerability found in GroundWork 6.7.0. This software is used for network, application and cloud monitoring. The vulnerability exists in the monarch_scan.cgi, where user controlled input is used in the perl qx function, which allows any remote authenticated attacker, whatever his privileges are, to inject system commands and gain arbitrary code execution.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2013-3502
Product Version: 
2013 R1
Released Date: 
Thursday, August 1, 2013 - 00:00