CVE-2018-1000083
MEDIUMAjenti 2 - Path Traversal via Malformed JSON Login Request
Title source: llmDescription
Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the server.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://medium.com/stolabs/security-issues-on-ajenti-d2b7526eaeee
Scores
CVSS v3
5.3
EPSS
0.0128
EPSS Percentile
66.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
ajenti/ajenti
2
Published
Mar 13, 2018
Tracked Since
Feb 18, 2026