exploitDog

CVE-2021-38366

Опубликовано: 12 авг. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.

Ссылки

https://blog.istern.dk/2021/08/10/sitecore-10-authenticated-file-upload-to-rce/
Exploit
Third Party Advisory
https://blog.istern.dk/2021/08/10/sitecore-10-authenticated-file-upload-to-rce/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sitecore:sitecore:*:*:*:*:*:*:*:*

Версия до 10.1 (включая)

EPSS

Процентиль: 86%

0.0279

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-rggx-qr24-r8xj

github

больше 3 лет назад

Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.

EPSS

Процентиль: 86%

0.0279

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-434