cvedb.io
CVE-2018-11137
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2018-05-31T18:29:00.517 · Last modified 2026-06-17T01:35:19.310

Summary

The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script.

Affected products

quest — kace_system_management_appliance

Does this affect you?

Add your gear to cvedb and we'll alert you only when quest ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.