2 matches found
CVE-2018-11140
The 'reportID' parameter received by the '/common/runreport.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection in particular, an error-based type...
CVE-2018-11140
CVE-2018-11140 affects Quest KACE System Management Appliance 8.0.318. The vulnerability is an SQL injection in the /common/run_report.php script via the reportID parameter, which is not sanitized. Public PoCs show an error-based SQL injection that can retrieve database information (e.g., current...