Vulnerability Details CVE-2018-9327
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.0%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
Products affected by CVE-2018-9327
-
cpe:2.3:a:etherpad:etherpad:1.5.0
-
cpe:2.3:a:etherpad:etherpad:1.5.0d
-
cpe:2.3:a:etherpad:etherpad:1.5.1
-
cpe:2.3:a:etherpad:etherpad:1.5.2
-
cpe:2.3:a:etherpad:etherpad:1.5.3
-
cpe:2.3:a:etherpad:etherpad:1.5.4
-
cpe:2.3:a:etherpad:etherpad:1.5.5
-
cpe:2.3:a:etherpad:etherpad:1.5.6
-
cpe:2.3:a:etherpad:etherpad:1.5.7
-
cpe:2.3:a:etherpad:etherpad:1.6.0
-
cpe:2.3:a:etherpad:etherpad:1.6.1
-
cpe:2.3:a:etherpad:etherpad:1.6.2
-
cpe:2.3:a:etherpad:etherpad:1.6.3