CVE-2018-11187
Published 2018-06-02
CVE-2018-11187: Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).
Priority P3 · 58 · high · 8.8 CVSS 3.0
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS 4.60% · 90.5th percentile
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gosa_project | gosa | >= 0 < 2.7.4+reloaded2-9ubuntu1.1 | 2.7.4+reloaded2-9ubuntu1.1 |
| quest | disk_backup | < 4.0.3.1 | 4.0.3.1 |
CVSS provenance
nvd · v3.0 · 8.8 HIGH · CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 6.5 MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
osv · 6.1 MEDIUM
GHSA
GHSA-v967-2wjc-q24c: Quest DR Series Disk Backup software version before 4
ghsa_unreviewed·2022-05-13
CVE-2018-11187 [HIGH] CWE-78 GHSA-v967-2wjc-q24c: Quest DR Series Disk Backup software version before 4
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).
OSV
gosa vulnerabilities
osv·2020-10-28·CVSS 6.1
CVE-2019-14466 gosa vulnerabilities
Fabian Henneke discovered that GOsa incorrectly handled client cookies. An
authenticated user could exploit this with a crafted cookie to perform
file deletions in the context of the user account that runs the web
server. (CVE-2019-14466)
It was discovered that GOsa incorrectly handled user access control. A
remote attacker could use this issue to log into any account with a
username containing the word "success". (CVE-2019-11187)
Fabian Henneke discovered that GOsa was vulnerable to cross-site scripting
attacks via the change password form. A remote attacker could use this
flaw to run arbitrary web scripts. (CVE-2018-1000528)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html
http://seclists.org/fulldisclosure/2018/May/71
https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities
2018-06-02
Published