7.2

CVE-2021-25780

Exploit

EPSS 3.95%
Veröffentlicht 17.02.2021 15:15:13
Zuletzt bearbeitet 18.11.2025 20:01:33
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Janobe ≫ Baby Care System Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.95%	0.881

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://github.com/TCSWT/Baby-Care-System/blob/main/README.md

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-25780

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25780

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25780

EUVD