mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
907 B
907 B
CVE-2018-11137
Description
The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script.
POC
Reference
- https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
- https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
Github
No PoCs found on GitHub currently.