Published: 17/12/2015 Updated: 03/08/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) prior to 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan.

Vulnerable Product	Search on Vulmon	Subscribe to Product
acunetix web vulnerability scanner

''' ======================================================================== Acunetix WVS 10 - from guest to Sytem (Local privilege escalation) CVE: CVE-2015-4027 Author: (me) Daniele Linguaglossa Affected Product: Acunetix WVS 10 Exploit: Local privilege escalation Vendor: Acunetix ltd Remote: No Version: 10 ====================================== ...

Acunetix WVS 10 suffers from a local privilege escalation vulnerability ...

CWE-264 https://www.acunetix.com/blog/releases/acunetix-10-build-includes-security-checks-in-cors-configurations/https://www.exploit-db.com/exploits/38847/http://packetstormsecurity.com/files/134602/Acunetix-WVS-10-Local-Privilege-Escalation.html https://nvd.nist.gov https://www.exploit-db.com/exploits/38847/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-4027

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect