Shell Metacharacter Injection in www/modules/save.php in FruityWifi (aka PatatasFritas/PatataWifi) through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted mod_name parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid session.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/xtr4nge/FruityWifi/issues/250 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-11-11T00:00:00Z
Updated: 2024-09-16T17:24:20.444Z
Reserved: 2018-11-10T00:00:00Z
Link: CVE-2018-19168
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-11-11T00:29:00.183
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-19168
Redhat
No data.