CVE-2018-11141

The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:quest:kace_system_management_appliance:8.0.318:*:*:*:*:*:*:*

Information

Published : 2018-05-31 11:29

Updated : 2018-06-29 11:52


NVD link : CVE-2018-11141

Mitre link : CVE-2018-11141


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

quest

  • kace_system_management_appliance