CVE-2018-13140

HIGH

Druide Antidote < 5.1 - Remote Code Execution via Update Mechanism

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-13140. PoCs published by tnpitsecurity.

AI-analyzed exploit summary: The repository provides a functional proof-of-concept exploit for CVE-2018-13140, demonstrating a Man-In-The-Middle attack against Antidote's update component. The exploit injects a reverse shell payload into HTTP responses, leading to remote code execution with elevated privileges.

Description

Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.

Exploits (1)

GitHub · Working PoC · 4 stars
by tnpitsecurity · poc
https://github.com/tnpitsecurity/CVEs/tree/master/CVE-2018-13140


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Antidote (Windows/Linux versions <= 9.5.1)
Authentication: No auth needed
Prerequisites: Man-In-The-Middle position · mitmproxy · socat · bettercap
devstral-2 · analyzed Feb 27, 2026

References (3)

Core References
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Sep/38
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html

Scores

CVSS v3: 8.1
EPSS: 0.0663
EPSS Percentile: 93.0%
Attack Vector: NETWORK
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-319
Status: published
Products (1): druide/antidote_9 < 5.1
Published: Sep 24, 2018
Tracked Since: Feb 18, 2026