CVE-2018-15529
HIGH
Mutiny Monitoring Appliance < 6.1.0-5263 - Authenticated OS Command Injection via System Upgrade Filename
Title source: llmDescription
A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a system upgrade upload.
References (4)
Core References
Various Sources x_refsource_misc
https://doddsecurity.com/135/remote-command-execution-on-the-monitoring-appliances/
Third Party Advisory x_refsource_misc
https://github.com/doddr/Security-Advisories/tree/master/Mutiny/CVE-2018-15529
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/149065/Mutiny-Monitoring-Appliance-Command-Injection.html
Various Sources x_refsource_misc
https://www.mutiny.com/mutiny-support/release-summary/
Scores
CVSS v3
8.8
EPSS
0.0476
EPSS Percentile
90.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
mutiny/mutiny
< 6.1.0-5263
Published
Aug 28, 2018
Tracked Since
Feb 18, 2026