CVE-2018-11342

2018-05-2201:00:00

mitre

www.cve.org

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.3%

JSON

A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.

References

seclists.org/fulldisclosure/2018/May/2

github.com/mefulton/asustorexploit

www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation