PT-2021-21293 · Unknown · Kooboo Cms

L00Neyhacker · Published 2021-09-14 · Updated 2021-09-24 · CVE-2021-36581

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Kooboo CMS version 2.1.1.0

Description

The issue is an insecure file upload: files with any extension can be uploaded to the server. The server fails to verify the file extension, which was demonstrated by successfully uploading an aspx file.

Recommendations

For Kooboo CMS version 2.1.1.0, consider restricting file uploads to only necessary and verified extensions as a temporary workaround until a patch is available. Restrict access to the file upload functionality to minimize the risk of exploitation.
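
One way to implement the extension restriction recommended above, as an added example that is not Kooboo CMS code and is not taken from the advisory. The `UploadPolicy` class, its `IsAllowed` method and the allowlist contents are hypothetical; the sample file names are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

// Added example, not Kooboo CMS code. UploadPolicy and its allowlist are hypothetical.
public static class UploadPolicy
{
    // Assumed policy: only these extensions are ever needed by the site.
    private static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { ".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt" };

    // True only if the client-supplied name is a plain file name whose
    // final extension is on the allowlist.
    public static bool IsAllowed(string clientFileName)
    {
        if (string.IsNullOrWhiteSpace(clientFileName)) return false;

        // Keep only the last path segment, whichever separator the client used.
        int cut = clientFileName.LastIndexOfAny(new[] { '/', '\\' });
        string name = clientFileName.Substring(cut + 1);
        if (name.Length == 0) return false;

        // Windows drops trailing dots and spaces on create, so "a.aspx." would
        // be stored as "a.aspx"; ':' selects an NTFS alternate data stream.
        char last = name[name.Length - 1];
        if (last == '.' || last == ' ') return false;
        if (name.IndexOf(':') >= 0 ||
            name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0) return false;

        return Allowed.Contains(Path.GetExtension(name));
    }

    public static void Main()
    {
        // Constructed sample names, not taken from the advisory.
        string[] samples = {
            "photo.JPG", "report.v2.pdf", "page.aspx", "page.aspx.",
            "page.aspx::$DATA", "..\\..\\page.aspx", "image.png.aspx", "noext"
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-20} {1}", s, IsAllowed(s) ? "accept" : "reject");
    }
}
```

Only `photo.JPG` and `report.v2.pdf` are accepted; every other sample is rejected because its final extension is missing or off the allowlist, or because the name ends in a dot or contains a colon.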

Exploit

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2021-36581

Affected Products

Kooboo Cms