The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script.
References
Link | Resource |
---|---|
https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities | Exploit Technical Description Third Party Advisory |
Configurations
Information
Published : 2018-05-31 11:29
Updated : 2018-06-28 06:31
NVD link : CVE-2018-11137
Mitre link : CVE-2018-11137
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
quest
- kace_system_management_appliance