Directory Traversal Vulnerability in Quest KACE System Management Virtual Appliance 8.0.318
CVE-2018-11141 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions.
Learn more about our User Device Pen Test.