exploitDog

CVE-2018-11139

Опубликовано: 31 мая 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Средний

Описание

The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method.

Ссылки

https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
Exploit
Technical Description
Third Party Advisory
https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:quest:kace_system_management_appliance:8.0.318:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.25176

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-5788-3chh-698c

CVSS3: 8.8

github

больше 3 лет назад

The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method.

EPSS

Процентиль: 96%

0.25176

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78