CVE-2018-11773
- EPSS 0.88%
- Published 29.07.2019 19:15:11
- Last modified 21.11.2024 03:44:00
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying i...
CVE-2018-11774
- EPSS 0.49%
- Published 29.07.2019 19:15:11
- Last modified 21.11.2024 03:44:00
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requ...
CVE-2018-11772
- EPSS 0.49%
- Published 29.07.2019 19:15:10
- Last modified 21.11.2024 03:44:00
Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Ac...