CVE-2018-5403

HIGH

Imperva SecureSphere v13 - Remote Code Execution via Web Access Management Interface

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-5403. PoCs published by rsp3ar.

AI-analyzed exploit summary: This exploit demonstrates a command injection vulnerability in Imperva SecureSphere 13's PWS component, allowing unauthenticated or authenticated remote code execution via crafted parameters in the 'impcli' endpoint. The PoC uses base64-encoded commands injected into the 'installer-address' parameter.

Description

An Imperva SecureSphere gateway (GW) running v13, whether pre-First Time Login or post-First Time Login (FTL), may be vulnerable to RCE through specially crafted requests from the web access management interface if the attacker knows the basic authentication passwords.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rsp3ar · python · webapps · linux
https://www.exploit-db.com/exploits/45542

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Imperva SecureSphere 13.0.10, 13.1.10, 13.2.10
No auth needed
Prerequisites: Network access to the target · Pre-FTL mode for unauthenticated exploitation or valid agent registration password for authenticated exploitation
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45542

Scores

CVSS v3 8.1
EPSS 0.0241
EPSS Percentile 82.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-287, CWE-77
Status published
Products (3)
imperva/securesphere 13.0.10
imperva/securesphere 13.1.10
imperva/securesphere 13.2.10
Published Jan 10, 2019
Tracked Since Feb 18, 2026