CVE-2018-11137
The ‘checksum’ parameter of the ‘/common/download_attachment.php’ script in the can Quest KACE System Management Appliance 8.0.318 be abused to read arbitrary files with ‘www’ privileges via Directory Traversal. No administrator privileges are needed to execute this script.
Source: CVE-2018-11137