LANDESK Management Suite Remote File Include Vulnerability

1、产品与型号

LANDesk Management Suite (LDMS) 7 Base | 8 Base | 8.1 Base | 8.5 Base | 8.6 Base | 8.7 Base, SP1, SP2, SP3, SP4, SP5 | 8.70 Base, .7.1, .7.2 | 8.8 Base | 8.80 Base, .1.1 | 9 .0, .1, .2, .3, .4, .5, .6

2、公布时间：2015-8-18

3、CVE:CVE-2014-5362

4、漏洞类型：远程文件包含

5、漏洞详情：

A vulnerability in LANDESK Management Suite could allow an unauthenticated, remote attacker to conduct remote file inclusion attacks on a targeted system.

The vulnerability is due to insufficient validation of user-supplied input by the affected software. An unauthenticated, remote attacker could exploit the vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to upload arbitrary files to the system.

Proof-of-concept code that exploits this vulnerability is publicly available.

6、漏洞影响危害：

LANDESK Management Suite contains a vulnerability that could allow an unauthenticated, remote attacker to conduct remote file inclusion attacks on a targeted system