2 matches found
CVE-2018-11136
The 'orgID' parameter received by the '/common/downloadagentinstaller.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection in particular, a blind time-based type...
CVE-2018-11136
CVE-2018-11136 affects Quest KACE System Management Appliance 8.0 (Build 8.0.318). The orgID parameter in /common/download_agent_installer.php is not sanitized, enabling unauthenticated SQL injection (blind time-based). Proof-of-concept demonstrated time delays; Core/CORE advisory and other sourc...