CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-15529

A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.346

EPSS Ranking 96.8%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

http://packetstormsecurity.com/files/149065/Mutiny-Monitoring-Appliance-Command-Injection.html
https://doddsecurity.com/135/remote-command-execution-on-the-monitoring-appliances/
https://github.com/doddr/Security-Advisories/tree/master/Mutiny/CVE-2018-15529
https://www.mutiny.com/mutiny-support/release-summary/
http://packetstormsecurity.com/files/149065/Mutiny-Monitoring-Appliance-Command-Injection.html
https://doddsecurity.com/135/remote-command-execution-on-the-monitoring-appliances/
https://github.com/doddr/Security-Advisories/tree/master/Mutiny/CVE-2018-15529
https://www.mutiny.com/mutiny-support/release-summary/

Products affected by CVE-2018-15529

Mutiny » Mutiny » Version: 5.0-1.00

cpe:2.3:a:mutiny:mutiny:5.0-1.00
Mutiny » Mutiny » Version: 5.0-1.10

cpe:2.3:a:mutiny:mutiny:5.0-1.10
Mutiny » Mutiny » Version: 5.0-1.11

cpe:2.3:a:mutiny:mutiny:5.0-1.11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15529

Products

Pricing

Contact Us