SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106844 | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2019/Feb/4 | Exploit Mailing List Third Party Advisory |
http://packetstormsecurity.com/files/151473/SolarWinds-Serv-U-FTP-15.1.6-Privilege-Escalation.html | Exploit VDB Entry Third Party Advisory |
Configurations
Information
Published : 2019-03-21 09:00
Updated : 2019-10-02 17:03
NVD link : CVE-2018-15906
Mitre link : CVE-2018-15906
JSON object : View
CWE
Products Affected
solarwinds
- serv-u_ftp_server