An attacker could exploit this vulnerability by sending a specially crafted request to the targeted system. After successfully sending the crafted request, the attacker could execute arbitrary commands on that system. To exploit this vulnerability, an attacker would have to be authenticated to the targeted system.

CVE-2018-18357: Exposing Data Through Sensitive Input Controls

A locally authenticated attacker could expose data on an affected system by using a web application that allows users to create or edit data. After successfully exploiting this vulnerability, an attacker could view or alter data on the targeted system.

CVE-2018-18356: Improper Access Control on Sensitive Input Controls

A locally authenticated attacker could access data on an affected system by using a web application that allows users to create or edit data. After successfully exploiting this vulnerability, an attacker could view or alter data on the targeted system.

Vulnerable packages:

* Oracle JRE 1.8.0_181
* Oracle JRE 1.7.0_111
* Oracle JRE 1.6.0_45
* Oracle JRE 1.5.0_40
* Oracle JRE 1.4.2_3

Multiple Vulnerabilities in PHP Mailing System

Multiple vulnerabilities were found in PHP Mailing System. The following is a detailed description of each vulnerability.

CVE-2018-18357: Exposing Data Through Sensitive Input Controls

A locally authenticated attacker could expose data on an affected system by using a web application that allows users to create or edit data. After successfully exploiting this vulnerability, an attacker could view or alter data on the targeted system.

CVE-2018-18356: Improper Access Control on Sensitive Input Controls

A locally authenticated attacker could access data on an affected system by using a web application that allows users to create or edit data. After successfully exploiting this vulnerability, an attacker could view or alter data on the targeted system.

Vulnerability Scenario

The vulnerabilities above could allow an attacker to send a crafted request to the targeted system and then execute arbitrary commands on the targeted system.

Timeline

Published on: 11/03/2022 20:15:00 UTC
Last modified on: 11/04/2022 15:12:00 UTC

References