Vulnerability Description
The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Acunetix | Web Vulnerability Scanner | <= 10 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/134602/Acunetix-WVS-10-Local-Privilege-Esca (Exploit)
- https://www.acunetix.com/blog/releases/acunetix-10-build-includes-security-check (Vendor Advisory)
- https://www.exploit-db.com/exploits/38847/ (Exploit)
FAQ
What is CVE-2015-4027?
CVE-2015-4027 is a vulnerability with a CVSS score of 7.2 (HIGH). The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a pa...
How severe is CVE-2015-4027?
CVE-2015-4027 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4027?
Check the references section above for vendor advisories and patch information. Affected products include: Acunetix Web Vulnerability Scanner.