CVE-2018-5340
Published 2018-04-18
CVE-2018-5340: An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with…
Priority P3 · 44 · high · 7.2 (CVSS 3.0)
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.20% (91.4th percentile)
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries).
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ckeditor | ckeditor | >= 0 < 4.5.7+dfsg-2ubuntu0.16.04.1~esm1 | 4.5.7+dfsg-2ubuntu0.16.04.1~esm1 |
| zohocorp | manageengine_desktop_central | — | — |
| zohocorp | manageengine_desktop_central | — | — |
CVSS provenance
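| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | — | 6.1 | MEDIUM | — |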
GHSA
GHSA-rgxg-7vf9-fg6x: An issue was discovered in Zoho ManageEngine Desktop Central 10
ghsa_unreviewed·2022-05-13
CVE-2018-5340 [HIGH] GHSA-rgxg-7vf9-fg6x: An issue was discovered in Zoho ManageEngine Desktop Central 10
OSV
ckeditor vulnerabilities
osv·2022-03-23·CVSS 6.1
CVE-2018-9861 ckeditor vulnerabilities
USN-5340-1 fixed several vulnerabilities in CKEditor.
This update provides the fixes for CVE-2018-9861, CVE-2020-9281,
CVE-2021-32809, CVE-2021-33829 and CVE-2021-37695 for Ubuntu 16.04 ESM.
Original advisory details:
Kyaw Min Thein discovered that CKEditor incorrectly handled
certain inputs. An attacker could possibly use this issue
to execute arbitrary code. This issue only affects
Ubuntu 18.04 LTS. (CVE-2018-9861)
Michał Bentkowski discovered that CKEditor incorrectly handled
certain inputs. An attacker could possibly use this issue to
execute arbitrary code. This issue only affects
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-9281)
Anton Subbotin discovered that CKEditor incorrectly handled
certain inputs. An attacker could possibly use this issue to
ex
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.manageengine.com/products/desktop-central/query-restriction-bypass-vulnerability.html
https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-manageengine-desktop-central/
Published: 2018-04-18