PT-2022-11960 · Digium · Quicklert For Digium

Nick Berrie · Published 2022-03-07 · Updated 2022-03-15 · CVE-2021-43970

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Quicklert for Digium version 10.0.0 (1043)

Description: An arbitrary file upload issue exists in the albumimages.jsp file, allowing an authenticated attacker with low privileges to execute remote code on the target server within the context of the application's permissions. This is achieved by uploading a file with a .mp3;.jsp filename that begins with audio data bytes.

Recommendations: For Quicklert for Digium version 10.0.0 (1043), consider restricting access to the albumimages.jsp file as a temporary workaround until a patch is available. Do not accept filenames that could be interpreted as executable code, such as those ending in .jsp, in the affected file upload functionality. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
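The description shows why content sniffing on its own is not a sufficient upload control: a file whose bytes look like audio but whose name carries a second, executable extension passes a magic-byte check and is then stored under the client-chosen name. The following is an added illustration, not Quicklert's code, of the filename and content checks the recommendation calls for. The magic-byte table, the JSP-family suffix list and the sample inputs are constructed for this example; the allow-listed extensions are assumed.

```python
import re
import secrets
from typing import Tuple

# Allow-listed upload types and the leading bytes each normally starts with
# (constructed for this example; an album-image/audio upload endpoint is assumed).
ALLOWED_EXTENSIONS = {"mp3", "wav", "png", "jpg"}
MAGIC = {
    "mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3"),
    "wav": (b"RIFF",),
    "png": (b"\x89PNG",),
    "jpg": (b"\xff\xd8\xff",),
}
# Suffixes a servlet container is commonly configured to execute (assumption).
EXECUTABLE_TOKENS = {"jsp", "jspx", "jspf", "jsw", "jsv"}
# Exactly one stem, one dot, one short extension: no '/', '\', ';', spaces or NULs,
# so a name such as "song.mp3;.jsp" cannot match.
SAFE_NAME = re.compile(r"^[a-z0-9_-]{1,64}\.[a-z0-9]{1,5}$")


def content_sniff_only(filename: str, head: bytes) -> bool:
    """The weak control: accept any upload whose first bytes look like an allowed
    type, then store it under the client-supplied name. A '.mp3;.jsp' name with
    an audio header passes this check, which is the pattern the advisory describes."""
    return any(head.startswith(sigs) for sigs in MAGIC.values())


def validate_upload(filename: str, head: bytes) -> Tuple[bool, str]:
    """Layered check: strict filename shape, no executable token anywhere in the
    name, allow-listed extension, and only then a content check as a final signal."""
    name = filename.strip().lower()
    if not SAFE_NAME.fullmatch(name):
        return False, "filename is not a single stem.ext token"
    tokens = set(re.split(r"[^a-z0-9]+", name))
    if tokens & EXECUTABLE_TOKENS:
        return False, "executable extension in filename"
    ext = name.rsplit(".", 1)[1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not allow-listed"
    if not head.startswith(MAGIC[ext]):
        return False, "content does not match declared extension"
    return True, "ok"


def storage_name(ext: str) -> str:
    """Server-chosen on-disk name: nothing from the client reaches the path."""
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed sample: ID3v2 header bytes followed by a JSP-style marker.
    payload_head = b"ID3\x04\x00\x00\x00\x00\x00\x21<%"
    for fname in ("song.mp3", "song.mp3;.jsp", "shell.jsp", "../song.mp3"):
        print(fname, "sniff-only:", content_sniff_only(fname, payload_head),
              "layered:", validate_upload(fname, payload_head))
```

The order of the checks matters: the filename is rejected before any content is inspected, and the stored name is generated by the server, so even a file that defeats the content check never lands on disk under an attacker-controlled name.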

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2021-43970

Affected Products

Quicklert For Digium