exploitDog

CVE-2021-36581

Опубликовано: 14 сент. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server.

Ссылки

http://kooboo.com
Permissions Required
Vendor Advisory
https://github.com/l00neyhacker/CVE-2021-36581/
Third Party Advisory
http://kooboo.com
Permissions Required
Vendor Advisory
https://github.com/l00neyhacker/CVE-2021-36581/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kooboo:kooboo_cms:2.1.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00537

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-xhhh-8cg4-rhc7

github

больше 3 лет назад

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server.

EPSS

Процентиль: 67%

0.00537

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434