← back
CVE-2018-5347

CVE-2018-5347

EPSS 54.2%
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/43659/unverifiedexploitdbwww.exploit-db.com/exploits/43659unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blogs.securiteam.com/index.php/archives/3548https://www.exploit-db.com/exploits/43659/