CVE-2018-11141

The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:quest:kace_system_management_appliance:8.0.318:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-05-31 18:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-11141

Mitre link : CVE-2018-11141

CVE.ORG link : CVE-2018-11141


JSON object : View

Products Affected

quest

  • kace_system_management_appliance
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')