CVE

CVE-2018-11137

admin

CVE-2018-11137

The ‘checksum’ parameter of the ‘/common/download_attachment.php’ script in the can Quest KACE System Management Appliance 8.0.318 be abused to read arbitrary files with ‘www’ privileges via Directory Traversal. No administrator privileges are needed to execute this script.

Source: CVE-2018-11137

Exit mobile version