CVE-2021-26471
- EPSS 7.87%
- Veröffentlicht 08.06.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 05:56:24
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands.
- EPSS 10.71%
- Veröffentlicht 08.06.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 05:56:25
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privile...
CVE-2021-26473
- EPSS 0.74%
- Veröffentlicht 08.06.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 05:56:25
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotel...
CVE-2021-26474
- EPSS 0.23%
- Veröffentlicht 08.06.2021 19:15:08
- Zuletzt bearbeitet 21.11.2024 05:56:25
Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)