CVE-2018-11774

Name of the Vulnerable Software and Affected Versions Apache VCL versions 2.1 through 2.5

Description The issue arises from improper validation of form input when adding and removing VMs to and from hosts, which is then used in SQL statements, allowing for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack.

Recommendations For Apache VCL versions 2.1 through 2.5, upgrade or patch to a version 2.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin level rights to minimize the risk of exploitation.