CVE-2018-5404— The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections.

EPSS 0.46% · P64 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-5404

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections.

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Quest Software Kace K1000 Appliance SQL注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Quest Software Kace K1000 Appliance是美国Quest Software公司的一款系统管理设备。该产品主要用于软件许可证管理、补丁和端点安全管理、软件分发和服务器监控等功能。 Quest Kace K1000 Appliance 9.0.270之前版本中存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Quest Kace	K1000 Appliance	9.0.270 ~ 9.0.270	-

II. Public POCs for CVE-2018-5404

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-5404

请登录查看更多情报信息。

https://support.quest.com/kb/288310/cert-coordination-center-report-updatex_refsource_CONFIRM
https://www.kb.cert.org/vuls/id/877837/third-party-advisoryx_refsource_CERT-VN
https://nvd.nist.gov/vuln/detail/CVE-2018-5404

Same Patch Batch · Quest Kace · 2019-06-03 · 3 CVEs total

CVE-2018-5405		The Quest Kace K1000 Appliance is vulnerable to JavaScript injection.
CVE-2018-5406		The Quest Kace K1000 Appliance misconfigures the Cross-Origin Resource Sharing (CORS) mech

IV. Related Vulnerabilities

Same product: K1000 Appliance

Same vendor: Quest Kace

Same weakness: CWE-89

V. Comments for CVE-2018-5404

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-5404— The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections.

I. Basic Information for CVE-2018-5404

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-5404

III. Intelligence Information for CVE-2018-5404

Same Patch Batch · Quest Kace · 2019-06-03 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-5404

Leave a comment