CVE-2018-25224

Exploit

EPSS 0.03%
Veröffentlicht 28.03.2026 11:58:16
Zuletzt bearbeitet 02.04.2026 19:07:35
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute shell commands via return-oriented programming gadgets.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kimtore ≫ Practical Music Search Version <= 0.42

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.08

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com	8.6	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
disclosure@vulncheck.com	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.exploit-db.com/exploits/44426

Exploit

VDB Entry

https://pms.sourceforge.net

Product

https://www.vulncheck.com/advisories/pms-stack-based-buffer-overflow-via-configuration-file

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-25224

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-25224

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-25224

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-25224