CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-12309

Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.1%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc
https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc

Products affected by CVE-2018-12309

Asustor » As602t » Version: N/A

cpe:2.3:h:asustor:as602t:-
Asustor » Data Master » Version: 3.1.1

cpe:2.3:o:asustor:data_master:3.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12309

Products

Pricing

Contact Us