PT-2015-6390 · Acunetix · Acunetix Web Vulnerability Scanner

Daniele Linguaglossa · Published 2015-12-17 · Updated 2020-08-03 · CVE-2015-4027

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Acunetix Web Vulnerability Scanner (WVS) versions prior to 10 build 20151125

Description: The issue allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to the "api/addScan" API endpoint.

Recommendations: For versions prior to 10 build 20151125, update to a version newer than 10 build 20151125 to resolve the issue. As a temporary workaround, consider restricting access to the "api/addScan" API endpoint to minimize the risk of exploitation. Avoid using the reporttemplate property in the params JSON object until the issue is resolved.

Exploit

Fix

Weakness Enumeration

Related Identifiers

CVE-2015-4027

Affected Products

Acunetix Web Vulnerability Scanner