CVE-2018-19793

2018-12-0306:00:00

mitre

www.cve.org

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.8%

JSON

jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data.

References

github.com/iwannay/jiacrontab/issues/28