CVE-2018-11141

CVE-2018-11141

The ‘IMAGES_JSON’ and ‘attachments_to_remove[]’ parameters of the ‘/adminui/advisory.php’ script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the ‘www’ user has write permissions.

Source: CVE-2018-11141

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다