Vulnerabilities > CVE-2018-19793 - Unspecified vulnerability in Jiacrontab Project Jiacrontab 1.4.5

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

jiacrontab-project

NVD

Published: 2018-12-03

Updated: 2024-11-21

Summary

jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data.

Vulnerable Configurations

Part	Description	Count
Application	Jiacrontab_Project Jiacrontab Project Jiacrontab 1.4.5	1

References

https://github.com/iwannay/jiacrontab/issues/28
https://github.com/iwannay/jiacrontab/issues/28