PT-2023-12256 · Unknown+1 · Yupoxion Bearadmin+1

Szfsiro

Published

2023-02-17

Updated

2025-03-18

CVE-2021-35261

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075

Description The issue allows an attacker to execute arbitrary remote code via the Upfile function of the "extend/tools/Ueditor" endpoint. This enables remote code execution, potentially leading to severe security consequences.

Recommendations For Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075, consider disabling the Upfile function of the extend/tools/Ueditor endpoint as a temporary workaround until a patch is available. Restrict access to the extend/tools/Ueditor endpoint to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2021-35261

Affected Products

Ueditor

Yupoxion Bearadmin

PT-2023-12256 · Unknown+1 · Yupoxion Bearadmin+1

CVE-2021-35261

Weakness Enumeration

Related Identifiers

Affected Products

References · 5