PT-2022-10536 · Octobot · Octobot

Published

2022-07-16

·

Updated

2022-07-22

·

CVE-2021-36711

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions OctoBot versions prior to 0.4.4
Description The issue allows remote code execution due to mishandling of Tentacles upload in the WebInterface.
Recommendations For versions prior to 0.4.4, update to version 0.4.4 or later to resolve the issue.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2021-36711
GHSA-FR75-X856-Q6J8
PYSEC-2022-235

Affected Products

Octobot