CVE-2018-11139
CVE-2018-11139 is a vulnerability of currently unknown severity. The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method. EPSS estimates a 42.92% chance of exploitation in the next 30 days.
Description
The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Quest | Kace System Management Appliance | 8.0.318 |
References
- https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities (Exploit, Technical Description, Third Party Advisory)
Source: NVD / NIST
