Skip to content

added CVE-2018-6961 template #14626

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
DhiyaneshGeek merged 6 commits into from
Jan 6, 2026
Merged

added CVE-2018-6961 template #14626

DhiyaneshGeek merged 6 commits into from
Jan 6, 2026

Conversation

@thewindghost
Copy link
Contributor

@thewindghost thewindghost commented Dec 30, 2025
edited
Loading

/claim #14623

PR Information

  • Fixed CVE-2020-XXX / Added CVE-2020-XXX / Updated CVE-2020-XXX
  • References:

Template validation

  • Validated with a host running a vulnerable version and/or configuration (True Positive)
  • Validated with a host running a patched version and/or configuration (avoid False Positive)

Additional Details (leave it blank if not applicable)

Additional References:

Old Version:

Inked25aca779-c30d-43bf-b856-4605c5b405bd_LI

  • With -debug:

Inkedf0c1b07f-c921-4225-991a-d5af81b76392_LI

New Version:

Inked112cebc0-445c-41ea-8c8c-cc44b47441bb_LI

  • With -debug:

Inked7d0647f7-4ea5-4231-8005-2c40a72e265d_LI

Inked4bfd0a26-92e3-42a8-93be-d24f0477c9a5_LI

@algora-pbc algora-pbc bot mentioned this pull request Dec 30, 2025
Closed
@thewindghost
Copy link
Contributor Author

thewindghost commented Dec 30, 2025

Hi @ritikchaddha @DhiyaneshGeek, any updates?

I provided 2 or 3 real-world production environments with vulnerabilities along with PR #14626.

  • Please check [email protected] email and verify it. Verification is straightforward as my POC matches the real-world environment.
  • Don't worry about why I'm focusing on the Root user; as far as I know, using VMware NSX SD-WAN Edge (also known as Velocloud) requires root access to have critical privileges, so it's unlikely any user other than root could access it.

@thewindghost
Copy link
Contributor Author

thewindghost commented Jan 5, 2026

Hi @ritikchaddha @DhiyaneshGeek, any updates. Because there hasn't been a specific response, I'm not sure if my problem has been resolved.

@ritikchaddha ritikchaddha added the Done Ready to merge label Jan 6, 2026
@ritikchaddha
Copy link
Contributor

ritikchaddha commented Jan 6, 2026

Hello @thewindghost, thank you for sharing this template with the community and contributing to this project. This template is validated and ready for merging. 🍻

@thewindghost
Copy link
Contributor Author

thewindghost commented Jan 6, 2026

hi @ritikchaddha Thank you for the improved updates!

@DhiyaneshGeek DhiyaneshGeek linked an issue Jan 6, 2026 that may be closed by this pull request
CVE-2018-6961 - VMware NSX SD-WAN Edge - Command Injection 💰 #14623
Closed
@DhiyaneshGeek DhiyaneshGeek merged commit 59ff217 into projectdiscovery:main Jan 6, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DhiyaneshGeek DhiyaneshGeek DhiyaneshGeek approved these changes

Assignees

@ritikchaddha ritikchaddha

Labels

🙋 Bounty claim Done Ready to merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CVE-2018-6961 - VMware NSX SD-WAN Edge - Command Injection 💰

3 participants

@thewindghost @ritikchaddha @DhiyaneshGeek