CVE-2014-125113

216.73.216.6

· Published 05/08/2025 20:15 · Modified 05/08/2025 21:06

Labels: CVE-2014-125113 2025-08-05 CVE-2014-125113 CWE-306 [email protected]

Essential information

Published: 05/08/2025 20:15
Modified: 05/08/2025 21:06
Author: —
Creator: —
CVSS: 9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to 5.5.90547 in the download_agent.php endpoint. An attacker can upload arbitrary PHP files to a temporary web-accessible directory, which are later executed through inclusion in backend code that loads files under attacker-controlled paths.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
dell / kace k1000 system management appliance	`cpe:2.3:a:dell:kace_k1000_system_management_appliance:5.0-5.3:::::::*`
dell / kace k1000 system management appliance	`cpe:2.3:a:dell:kace_k1000_system_management_appliance:<5.4.76849:::::::*`
dell / kace k1000 system management appliance	`cpe:2.3:a:dell:kace_k1000_system_management_appliance:<5.5.90547:::::::*`