Medium severity6.5NVD Advisory· Published May 31, 2018· Updated Jun 17, 2026
CVE-2018-11137
CVE-2018-11137
Description
The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script.
Affected products
1- Range: = 8.0.318
Patches
Vulnerability mechanics
References
1- www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilitiesnvdExploitTechnical DescriptionThird Party Advisory
News mentions
0No linked articles in our index yet.