Back to CVE Browser

CVE-2019-12918

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1270%

EPSS Percentile4.98th

PublishedNov 6, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir].

Affected Platforms (CPE)

📦

Quest

Kace Systems Management Appliance

= 9.1.317

References & Advisories

🔗 https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report

🔗 https://www.quest.com/products/kace-systems-management-appliance/

🔗 https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report

🔗 https://www.quest.com/products/kace-systems-management-appliance/

Related Vulnerabilities

CVE-2018-111369.8

The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance ...

CVE-2017-125679.8

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 thro...

CVE-2019-205049.8

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to exec...

CVE-2018-111389.8

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous...