Vulnerabilities > CVE-2018-19793 - Unspecified vulnerability in Jiacrontab Project Jiacrontab 1.4.5

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

jiacrontab-project

NVD

Published: 2018-12-03

Updated: 2019-10-03

Summary

jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data.

Vulnerable Configurations

Part	Description	Count
Application	Jiacrontab_Project Jiacrontab Project Jiacrontab 1.4.5	1

References

https://github.com/iwannay/jiacrontab/issues/28