CVE-2018-15694

HIGH

7.5

CVSS Severity Score

EPSS Score0.0920%

EPSS Percentile23.90th

PublishedAug 27, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code execution if the "Web Server" feature is enabled.

Affected Platforms (CPE)

💻

Asustor

Data Master

<= 3.1.5

References & Advisories

🔗 https://www.tenable.com/security/research/tra-2018-22

Related Vulnerabilities

CVE-2006-027010.0

Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspeci...

CVE-2008-096010.0

SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) e...

CVE-2017-1447210.0

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Brad...

CVE-2017-144669.8

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Brad...