Lucene search
HistoryMay 08, 2023 - 2:15 p.m.
CVE-2021-28998
cve
2021
28998
file upload
vulnerability
cms made simple
webshell
phar file
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.9%
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
Affected configurations
Node
cmsmadesimplecms_made_simpleRange≤2.2.15
| CPE | Name | Operator | Version |
|---|---|---|---|
| cmsmadesimple:cms_made_simple | cmsmadesimple cms made simple | le | 2.2.15 |
Related
veracode
veracode
Remote Code Execution (RCE)
2023-05-11 05:53:32
openvas
openvas
CMS Made Simple <= 2.2.16 File Upload Vulnerability
2023-05-12 00:00:00
prion
prion
Unrestricted file upload
2023-05-08 14:15:00
nvd
nvd
CVE-2021-28998
2023-05-08 14:15:10
cvelist
cvelist
CVE-2021-28998
2023-05-08 00:00:00
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.9%
Related for CVE-2021-28998