CPANSA-PGObject-Util-DBAdmin-2018-01: PGObject-Util-DBAdmin vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2018-06-18T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2018-06-18T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | 9.8 | Severity | |
Original language | | Language | en |
Also referred to |
Vulnerability Description
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.
Vulnerabilities
CVE-2018-9246
Vulnerability Description
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.
Weakness | CWE-116: Improper Encoding or Escaping of Output |
---|---|
Product status
Known affected
Product | Score |
---|---|
PGObject-Util-DBAdmin less than 1.6.0 | |
Fixed
- PGObject-Util-DBAdmin greater than or equal to 1.6.0
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-PGObject-Util-DBAdmin-2018-01 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2018/cpansa-pgobject-util-dbadmin-2018-01.json
- https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html external
https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html
- CVE-2018-9246 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2018-9246
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Mon Jun 18 00:00:00 2018 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/