CVE-2018-12317

HIGH

ASUSTOR ADM <3.1.1 - Command Injection

Title source: llm
STIX 2.1

Description

OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter.

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0344
EPSS Percentile 87.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
asustor/data_master 3.1.1
Published Dec 04, 2018
Tracked Since Feb 18, 2026