CVE-2018-1000885
Last modified
CVE-2018-1000885 is a vulnerability of currently unknown severity. PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or execute commands remotely. This attack appear to be exploitable via HKP-Api: /pks/lookup?search.. EPSS estimates a 3.22% chance of exploitation in the next 30 days.
Description
PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b contains a Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in function pgp_exec() phkp.php:98 that can result in It is possible to manipulate gpg-keys or execute commands remotely. This attack appear to be exploitable via HKP-Api: /pks/lookup?search.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Phkp Project | Phkp | All versions |
References
- https://tech.feedyourhead.at/content/full-disclosure-remote-command-execution-in-phkpExploit, Third Party Advisory
- https://tech.feedyourhead.at/content/full-disclosure-remote-command-execution-in-phkpExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000885?
How severe is CVE-2018-1000885?
How do I fix CVE-2018-1000885?
Are you affected by CVE-2018-1000885?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST