CVE-2021-41566

EPSS 1.46%
Veröffentlicht 08.10.2021 16:15:07
Zuletzt bearbeitet 21.11.2024 06:26:26
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tadtools Project ≫ Tadtools Version < 3.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.46%	0.806

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.twcert.org.tw/tw/cp-132-5170-83472-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-41566

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-41566

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-41566

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-41566