Lucene search
GoogleOSV:CVE-2018-19168HistoryNov 11, 2018 - 12:29 a.m.
CVE-2018-19168
2018-11-1100:29:00
Google
osv.dev
2
Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fruitywifi | eq | 2.1.2 | |
| fruitywifi | eq | 2.3 | |
| fruitywifi | eq | 2.4 | |
| fruitywifi | eq | 2.2 | |
| fruitywifi | eq | 2.1 | |
| fruitywifi | eq | 2.0 | |
| fruitywifi | eq | 2.1.3 | |
| fruitywifi | eq | 2.1.1 |
References
Related
cve
cve
prion
prion
Design/Logic Flaw
2018-11-11 00:29:00
Input validation
2018-09-21 18:29:00
Remote code execution
2020-11-05 15:15:00
nvd
nvd
cvelist
cvelist
osv
osv
CVE-2018-17317
2018-09-21 18:29:00
CVE-2020-24849
2020-11-05 15:15:33