Directory Traversal Vulnerability in Quest KACE System Management Virtual Appliance 8.0.318

Directory Traversal Vulnerability in Quest KACE System Management Virtual Appliance 8.0.318

CVE-2018-11141 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions.

Learn more about our User Device Pen Test.