CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-6547

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extract_files parameter is used. This occurs without properly authenticating the user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.3%

CVSS Severity

CVSS v3 Score 9.1

CVSS v2 Score 9.4

References

https://www.securifera.com/advisories/CVE-2018-6547/
https://www.securifera.com/advisories/CVE-2018-6547/

Products affected by CVE-2018-6547

Plays.tv » Plays.tv » Version: Any

cpe:2.3:a:plays.tv:plays.tv:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-6547

Products

Pricing

Contact Us