exploitDog

CVE-2021-32538

Опубликовано: 07 июл. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly.

Ссылки

https://www.twcert.org.tw/tw/cp-132-4850-9b53f-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-4850-9b53f-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:artware_cms_project:artware_cms:*:*:*:*:*:*:*:*

Версия до 2021-01-08 (исключая)

EPSS

Процентиль: 77%

0.01057

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-w9qj-p795-8xwq

github

больше 3 лет назад

ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly.

EPSS

Процентиль: 77%

0.01057

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434