PT-2021-21585 · Sourcecodester · Sourcecodester Customer Relationship Management System

Published: 2021-10-27 · Updated: 2021-10-28 · CVE-2021-37221

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Sourcecodester Customer Relationship Management System version 1.0

Description: A file upload issue exists via the account update option and customer create option, allowing a remote malicious user to upload an arbitrary PHP file.

Recommendations: For Sourcecodester Customer Relationship Management System version 1.0, consider restricting access to the account update and customer create options until a fix is available. As a temporary workaround, restrict file uploads to only the necessary file types to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2021-37221

Affected Products

Sourcecodester Customer Relationship Management System