CVE-2021-41566

EPSS 1.94%
Veröffentlicht 08.10.2021 16:15:07
Zuletzt bearbeitet 21.11.2024 06:26:26
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

Tad TadTools - Arbitrary File Upload

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tadtools Project ≫ Tadtools Version < 3.2.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.94%	0.775

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.twcert.org.tw/tw/cp-132-5170-83472-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-41566

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-41566

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-41566

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-41566