PT-2021-22578 · Unknown · Maianaffiliate

Mari0X00

Published

2021-09-20

Updated

2022-06-27

CVE-2021-39402

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: MaianAffiliate version 1.0

Description: The issue allows for code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors.

Recommendations: For MaianAffiliate version 1.0, as a temporary workaround, consider restricting access to the admin panel to minimize the risk of exploitation. Avoid using the admin panel to add new products until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2021-39402

Affected Products

Maianaffiliate

PT-2021-22578 · Unknown · Maianaffiliate

CVE-2021-39402

Weakness Enumeration

Related Identifiers

Affected Products

References · 6