exploitDog

CVE-2021-44159

Опубликовано: 20 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny of service attack.

Ссылки

https://www.twcert.org.tw/tw/cp-132-5395-eee40-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-5395-eee40-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:4mosan:gcb_doctor:*:*:*:*:*:*:*:*

Версия до 2021-09-16 (исключая)

EPSS

Процентиль: 89%

0.04763

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-2pg3-5vwj-wh4m

github

около 4 лет назад

4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny of service attack.

EPSS

Процентиль: 89%

0.04763

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-434