CVE-2021-20721

Name of the Vulnerable Software and Affected Versions KonaWiki2 versions prior to 2.2.4

Description The issue allows a remote attacker to upload arbitrary files via unspecified vectors. If the uploaded file contains PHP scripts, it may lead to the execution of arbitrary code. This is related to an unlimited file upload vulnerability of a dangerous type in the KonaWiki2 content management system, which can be exploited by a remote attacker to upload and execute arbitrary files.

Recommendations For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to prevent the execution of arbitrary code until a patch is applied. Restrict access to the file upload feature to minimize the risk of exploitation. Avoid using the file upload feature in the affected versions until the issue is resolved.