CVE-2018-11137

Posted on by admin

CVE-2018-11137

The ‘checksum’ parameter of the ‘/common/download_attachment.php’ script in the can Quest KACE System Management Appliance 8.0.318 be abused to read arbitrary files with ‘www’ privileges via Directory Traversal. No administrator privileges are needed to execute this script.

Source: CVE-2018-11137

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다