CVE-2018-15529

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
28/08/2018
Last modified:
03/10/2019

Description

A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mutiny:mutiny:*:*:*:*:*:*:*:* 6.1.0-5263 (excluding)