PT-2022-11857 · Unknown · Simple Client Management System
Published: 2022-03-31 · Updated: 2022-04-07 · CVE-2021-43484
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Simple Client Management System version 1.0
Description
A remote code execution (RCE) issue exists because create.php does not validate the extension of a file sent to it in a request.
Recommendations
For Simple Client Management System version 1.0, until a patch is available, consider validating the file extension in the create.php file to prevent malicious file uploads. As a temporary workaround, restrict access to the create.php file to minimize the risk of exploitation.
Fix
SQL injection
Affected Products
Simple Client Management System