Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
195
VMScore

CVE-2018-15657

Published: 05/02/2019 Updated: 21/02/2019
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3
VMScore: 195
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Suremdm

Vulnerability Summary

An SSRF issue exists in 42Gears SureMDM prior to 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

42gears suremdm

Exploits

Exploit DB: SureMDM < 2018-11 Patch - Local / Remote File Inclusion
# Exploit Title: SureMDM LFI/RFI (Prior to 2018-11 Patch) # Google Dork: inurl:/api/DownloadUrlResponseashx # Date: 2019-02-01 # Exploit Author: Digital Interruption # Vendor Homepage: www42gearscom/ # Software Link: www42gearscom/products/suremdm-home/ # Version: Versions prior to the November 2018 patch # Tested on: Windows # ...
Exploit DB: SureMDM Local / Remote File Inclusion
SureMDM versions prior to the 2018-11 Patch suffers from local and remote file inclusion vulnerabilities ...

References

CWE-918https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/https://www.exploit-db.com/exploits/46305/https://nvd.nist.govhttps://www.exploit-db.com/exploits/46305
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook