CVE-2018-11190
The CORE advisory details remote command injection and privilege escalation flaws in Quest DR Series Disk Backup Software prior to build 4.0.3.1. Exploitation occurs via the DR Series web UI/JSON-RPC methods (e.g., Logon, update, add, set, delete, etc.), allowing authenticated or unauthenticated ...