VYPR
Medium severity6.5NVD Advisory· Published May 31, 2018· Updated Jun 17, 2026

CVE-2018-11137

CVE-2018-11137

Description

The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.