CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-9246

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1010%
EPSS Percentile39.78th
Published2018年6月8日
Last Modified2024年11月21日

Vulnerability Description

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.

Affected Platforms (CPE)

📦
Pgobject Util Dbadmin Project

Pgobject Util Dbadmin

< 0.120.0
📦
Ledgersmb

Ledgersmb

>= 1.5.0 and <= 1.5.21

References & Advisories

🔗 https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html
🔗 https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html

相关漏洞威胁

CVE-2018-010110.0

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could ...

CVE-2018-022210.0

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an...

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...

CVE-2018-026810.0

A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenti...