Being Stubborn Pays Off pt. 2 – Tale of two 0days on PRTG Network Monitor

This analysis documents two PRTG Network Monitor flaws—CVE-2019-11074 (arbitrary file write/DoS via PhantomJS-based sensor) and CVE-2019-11073 (remote code execution as SYSTEM via argument-injection in the HTTP Transaction Sensor)—provides step-by-step exploitation detail and proof-of-concept techniques, highlights that exploitation requires administrative credentials (often default), and notes remediation was released in version 19.3.51 while observing many Internet-exposed instances.