CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-19410

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score85.8240%
EPSS Percentile89.96th
Published2018年11月21日
Last Modified2025年11月7日

Vulnerability Description

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).

Affected Platforms (CPE)

📦
Paessler

Prtg Network Monitor

< 18.2.40.1683

References & Advisories

🔗 https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-24/
🔗 https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-24/
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19410

相关漏洞威胁

CVE-2020-103749.8

A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via...

CVE-2018-194118.8

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-...

CVE-2018-192048.8

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary ...

CVE-2018-192037.5

PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a s...