3 matches found
CVE-2018-11141
The 'IMAGESJSON' and 'attachmentstoremove' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write...
CVE-2018-11141
The 'IMAGESJSON' and 'attachmentstoremove' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write...
CVE-2018-11141
CVE-2018-11141 affects Quest KACE System Management Virtual Appliance 8.0.318. The vulnerability is a path traversal issue in the advisory/authored UI where the IMAGES_JSON and attachments_to_remove[] parameters can cause arbitrary file write and delete operations. Proof-of-concept details in the...