Vulnerabilities > Quest > Kace System Management Appliance > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-31 | CVE-2018-11141 | Path Traversal vulnerability in Quest Kace System Management Appliance 8.0.318 The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. | 7.5 |
| 2018-05-31 | CVE-2018-11140 | SQL Injection vulnerability in Quest Kace System Management Appliance 8.0.318 The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type). | 7.5 |
| 2018-05-31 | CVE-2018-11136 | SQL Injection vulnerability in Quest Kace System Management Appliance 8.0.318 The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type). | 7.5 |
| 2018-05-31 | CVE-2018-11135 | Unspecified vulnerability in Quest Kace System Management Appliance 8.0.318 The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks. | 8.8 |