CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-14 11:02:11 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
ae7c8ffaeab2dbdfe8daabfe5c8c852b33cc867f
CVEs-PoC/2018/CVE-2018-5347.md
T
0xMarcio 48a00929ac Removed duplicates
2024-06-18 02:51:15 +02:00

18 lines
713 B
Markdown
Raw Blame History

### [CVE-2018-5347](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5347)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
### POC
#### Reference
- https://www.exploit-db.com/exploits/43659/
#### Github
- https://github.com/ARPSyndicate/cvemon
Reference in New Issue View Git Blame Copy Permalink