CVE

CVE-2018-11141

admin

CVE-2018-11141

The ‘IMAGES_JSON’ and ‘attachments_to_remove[]’ parameters of the ‘/adminui/advisory.php’ script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the ‘www’ user has write permissions.

Source: CVE-2018-11141

Exit mobile version