Arbitrary Command Execution Vulnerability in Quest KACE System Management Appliance 8.0.318

Arbitrary Command Execution Vulnerability in Quest KACE System Management Appliance 8.0.318

CVE-2018-11138 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.

Learn more about our User Device Pen Test.