CVE-2018-9246 - Vulnerability Details - OpenCVE

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ledgersmb	Ledgersmb
Pgobject-util-dbadmin Project	Pgobject-util-dbadmin

Configuration 1 [-]

cpe:2.3:a:pgobject-util-dbadmin_project:pgobject-util-dbadmin:*:*:*:*:*:perl:*:*

Configuration 2 [-]

cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-06-08T01:00:00

Updated: 2024-08-05T07:17:51.955Z

Reserved: 2018-04-03T00:00:00

Link: CVE-2018-9246

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-06-08T01:29:02.170

Modified: 2024-11-21T04:15:12.490

Link: CVE-2018-9246

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-06-07T00:00:00", "descriptions": [{"lang": "en", "value": "The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-08T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-9246", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html", "refsource": "CONFIRM", "url": "https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:17:51.955Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-9246", "datePublished": "2018-06-08T01:00:00", "dateReserved": "2018-04-03T00:00:00", "dateUpdated": "2024-08-05T07:17:51.955Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pgobject-util-dbadmin_project:pgobject-util-dbadmin:*:*:*:*:*:perl:*:*", "matchCriteriaId": "19AA986F-B73C-4BD6-9FFD-8A808B2D45B3", "versionEndExcluding": "0.120.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2369675-B321-4129-9FFF-9F305C4B32B0", "versionEndIncluding": "1.5.21", "versionStartIncluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application."}, {"lang": "es", "value": "El m\u00f3dulo PGObject::Util::DBAdmin en versiones anteriores a la 0.120.0 para Perl, tal y como se utiliza en LedgerSMB hasta la versi\u00f3n 1.5.x sanea o escapa insuficientemente los valores de variable que se emplean como parte de una ejecuci\u00f3n de comandos shell, lo que resulta en la inyecci\u00f3n de c\u00f3digo shell mediante las funciones create(), run_file(), backup() o restore(). La vulnerabilidad permite que usuarios no autorizados ejecuten c\u00f3digo con los mismos privilegios que la aplicaci\u00f3n que se est\u00e1 ejecutando."}], "id": "CVE-2018-9246", "lastModified": "2024-11-21T04:15:12.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-08T01:29:02.170", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-116"}], "source": "nvd@nist.gov", "type": "Primary"}]}