Remote Code Execution in Quest KACE K1000 Systems Management Appliance

Remote Code Execution in Quest KACE K1000 Systems Management Appliance

CVE-2019-20504 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.

Learn more about our Web Application Penetration Testing UK.