CVE-2018-19410 - Paessler PRTG Network Monitor Local File Inclusion Vulnerability

Paessler | PTRG Network Monitor

• Date Added:
• 2025-02-04

• Due Date:
• 2025-02-25

Vulnerability Name

Paessler PRTG Network Monitor Local File Inclusion Vulnerability

Description

Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges (including administrator).

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.paessler.com/prtg/history/prtg-18#18.2.41.1652 ; https://nvd.nist.gov/vuln/detail/CVE-2018-19410

Top Security News

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

Microsoft fixes exploited zero-day (CVE-2024-49138)

Garmin GPS watches crashing, stuck in triangle 'reboot loop'

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

DeepSeek Jailbreak Reveals Its Entire System Prompt

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

Windows Server 2025 released—here are the new features

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

MediumAbsence of Anti-CSRF Tokens

InformationalInformation Disclosure - Suspicious Comments

MediumContent Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

LowX-Content-Type-Options Header Missing

Latest CVE List

CVE-2024-45195 Apache OFBiz Forced Browsing Vulnerability

CVE-2024-29059 Microsoft .NET Framework Information Disclosure Vulnerability

CVE-2018-9276 Paessler PRTG Network Monitor OS Command Injection Vulnerability

CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability

CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability

CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability

Common CWEs

CWE-31 Path Traversal: 'dir\..\..\filename'

CWE-105 Struts: Form Field Without Validator

HighCWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-1100 Insufficient Isolation of System-Dependent Functions

HighCWE-234 Failure to Handle Missing Parameter

CWE-173 Improper Handling of Alternate Encoding

CWE-260 Password in Configuration File

LowCWE-333 Improper Handling of Insufficient Entropy in TRNG

CWE-261 Weak Encoding for Password

LowCWE-197 Numeric Truncation Error