CVE-2018-9246
Last modified
CVE-2018-9246 is a vulnerability of currently unknown severity. The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.. EPSS estimates a 2.58% chance of exploitation in the next 30 days.
Description
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pgobject-Util-Dbadmin Project | Pgobject-Util-Dbadmin | < 0.120.0 |
| Ledgersmb | Ledgersmb | >= 1.5.0, <= 1.5.21 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-9246?
How severe is CVE-2018-9246?
How do I fix CVE-2018-9246?
Are you affected by CVE-2018-9246?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST