CVE-2018-9246 - OpenCVE

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Pgobject-util-dbadmin Project	Pgobject-util-dbadmin
Ledgersmb	Ledgersmb

Configuration 1 [-]

cpe:2.3:a:pgobject-util-dbadmin_project:pgobject-util-dbadmin:*:*:*:*:*:perl:*:*

Configuration 2 [-]

cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*

References

Link	Resource
https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-06-08T01:00:00

Updated: 2018-06-08T00:57:01

Reserved: 2018-04-03T00:00:00

Link: CVE-2018-9246

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-06-08T01:29:02.170

Modified: 2018-08-01T16:00:26.653

Link: CVE-2018-9246

JSON object: View

Redhat Information

No data.

CWE

CWE-116

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-06-07T00:00:00", "descriptions": [{"lang": "en", "value": "The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-08T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-9246", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html", "refsource": "CONFIRM", "url": "https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-9246", "datePublished": "2018-06-08T01:00:00", "dateReserved": "2018-04-03T00:00:00", "dateUpdated": "2018-06-08T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pgobject-util-dbadmin_project:pgobject-util-dbadmin:*:*:*:*:*:perl:*:*", "matchCriteriaId": "19AA986F-B73C-4BD6-9FFD-8A808B2D45B3", "versionEndExcluding": "0.120.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2369675-B321-4129-9FFF-9F305C4B32B0", "versionEndIncluding": "1.5.21", "versionStartIncluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application."}, {"lang": "es", "value": "El m\u00f3dulo PGObject::Util::DBAdmin en versiones anteriores a la 0.120.0 para Perl, tal y como se utiliza en LedgerSMB hasta la versi\u00f3n 1.5.x sanea o escapa insuficientemente los valores de variable que se emplean como parte de una ejecuci\u00f3n de comandos shell, lo que resulta en la inyecci\u00f3n de c\u00f3digo shell mediante las funciones create(), run_file(), backup() o restore(). La vulnerabilidad permite que usuarios no autorizados ejecuten c\u00f3digo con los mismos privilegios que la aplicaci\u00f3n que se est\u00e1 ejecutando."}], "id": "CVE-2018-9246", "lastModified": "2018-08-01T16:00:26.653", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-08T01:29:02.170", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-116"}], "source": "nvd@nist.gov", "type": "Primary"}]}