CVE-2018-11141: Path Traversal
First published: Thu May 31 2018(Updated: )
The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quest KACE Systems Management Appliance | =8.0.318 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-11141?
CVE-2018-11141 is considered a high severity vulnerability due to its potential for unauthorized file writes and deletions.
How do I fix CVE-2018-11141?
To fix CVE-2018-11141, update the Quest KACE System Management Appliance to the latest version that addresses this vulnerability.
What are the risks associated with CVE-2018-11141?
The risks of CVE-2018-11141 include unauthorized access to sensitive files and the potential for complete compromise of the system.
Which versions are affected by CVE-2018-11141?
CVE-2018-11141 affects the Quest KACE System Management Appliance version 8.0.318.
Can CVE-2018-11141 be exploited remotely?
Yes, CVE-2018-11141 can be exploited remotely, allowing attackers to execute unauthorized file operations.
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/quest
- canonical/quest kace systems management appliance
- version/quest kace systems management appliance/8.0.318