Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2018-19410
HistoryNov 21, 2018 - 4:00 p.m.

CVE-2018-19410

2018-11-2116:00:00
mitre
www.cve.org
5
prtg network monitor
remote unauthenticated
create users
read-write privileges
local file inclusion

AI Score

9.6

Confidence

High

EPSS

0.006

Percentile

77.9%

JSON

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the ‘include’ directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the ‘id’ and ‘users’ parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).

Related

nvd 1
cve 1
prion 1
ptsecurity 1
openvas 1
nvd
nvd
CVE-2018-19410
2018-11-21 16:29:00
cve
cve
CVE-2018-19410
2018-11-21 16:29:00
prion
prion
Cross site request forgery (csrf)
2018-11-21 16:29:00
ptsecurity
ptsecurity
PT-2018-24: Authentication Bypass, Improper Authorization and Local File Inclusion in PRTG Network Monitor
2018-05-25 00:00:00
openvas
openvas
PRTG Network Monitor <= 18.2.39.1661 Multiple Vulnerabilities
2018-11-22 00:00:00

AI Score

9.6

Confidence

High

EPSS

0.006

Percentile

77.9%

JSON
Related for CVELIST:CVE-2018-19410
nvd1cve1prion1ptsecurity1openvas1