CVE-2018-9246

CVSS Severity Score: 9.8 (CRITICAL)
EPSS Score: 0.1010%
EPSS Percentile: 39.78th
Published: Jun 8, 2018
Last Modified: Nov 21, 2024

Vulnerability Description

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.

Affected Platforms (CPE)

Pgobject Util Dbadmin Project / Pgobject Util Dbadmin: < 0.120.0
Ledgersmb / Ledgersmb: >= 1.5.0 and <= 1.5.21
