CVE-2018-0643 — OS Command Injection in Management Organization CO LTD Ubuntu14.04 Orca 4.8.0 1 1.4.9+p41-u4jma1 AND Earlier

CWE-78 — OS Command Injection2 documents2 sources

Severity

6.6MEDIUMNVD

EPSS

0.3%

top 46.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Orca Management Organization CO LTD Ubuntu14.04 Orca 4.8.0 1 1.4.9+p41-u4jma1 AND Earlier Canonical Ubuntu Linux Orcamo Online Receipt Computer Advantage

Timeline

PublishedSep 7

Latest updateMay 14

Description

Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages2 packages

▶NVDorcamo/online_receipt_computer_advantage4.8.0

▶CVEListV5orca_management_organization_co_ltd/ubuntu14.04_orca_4.8.0_1_1.4.9+p41-u4jma1_and_earlierunspecified

Also affects: Ubuntu Linux 14.04

🔴Vulnerability Details

GHSA

GHSA-cvwr-hpvw-jmx6: Ubuntu14↗2022-05-14

▶