VYPR
Medium severity6.5NVD Advisory· Published Mar 13, 2018· Updated Jun 17, 2026

CVE-2018-1000080

CVE-2018-1000080

Description

Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in response, downloads the plugin.

Affected products

2
  • Ajenti/Ajentiinferred2 versions
    = 2.0.0+ 1 more
    • (no CPE)range: = 2.0.0
    • (no CPE)range: =2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.