Remote Code Execution in Quest KACE K1000 Systems Management Appliance
CVE-2019-20504 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.
Learn more about our Web Application Penetration Testing UK.