CVE-2021-46113

Опубликовано: 25 янв. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service.

Ссылки

https://blog.pocas.kr/posts/rce-KEA-Hotel-ERP/
Broken Link
https://gist.github.com/P0cas/5aa55f62781364a750ac4a4d47f319fa#cve-2021-46113
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=gnSMrvV5e9w
Exploit
Third Party Advisory
https://blog.pocas.kr/posts/rce-KEA-Hotel-ERP/
Broken Link
https://gist.github.com/P0cas/5aa55f62781364a750ac4a4d47f319fa#cve-2021-46113
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=gnSMrvV5e9w
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kea-hotel-erp_project:kea-hotel-erp:-:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.03029

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-x44j-rvwf-fj2w

github

около 4 лет назад