Code Injection Vulnerability in MicrobeTRACE 0.1.11 Allows Remote Code Execution

Code Injection Vulnerability in MicrobeTRACE 0.1.11 Allows Remote Code Execution

CVE-2018-8974 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source<script type="text/javascript" src=' line. Fix released on 2018-03-28.

Learn more about our Web Application Penetration Testing UK.