CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-11136

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1240%
EPSS Percentile0.10th
Published2018年5月31日
Last Modified2024年11月21日

Vulnerability Description

The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type).

Affected Platforms (CPE)

📦
Quest

Kace System Management Appliance

= 8.0.318

References & Advisories

🔗 https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
🔗 https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities

相關漏洞威脅

CVE-2019-205049.8

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to exec...

CVE-2017-125679.8

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 thro...

CVE-2019-129189.8

Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is softwar...

CVE-2018-111389.8

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous...