Lucene search

[email protected]CVE-2021-36581

HistorySep 14, 2021 - 12:15 p.m.

CVE-2021-36581

2021-09-1412:15:09

CWE-434

[email protected]

web.nvd.nist.gov

kooboo cms

2.1.1.0

insecure file upload

cve-2021-36581

server vulnerability

file upload vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.7%

JSON

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server.

Affected configurations

NVD

Node

koobookooboo_cmsMatch2.1.1.0

CPENameOperatorVersion
kooboo:kooboo_cmskooboo kooboo cmseq2.1.1.0

CPE	Name	Operator	Version
kooboo:kooboo_cms	kooboo kooboo cms	eq	2.1.1.0

References

kooboo.com

github.com/l00neyhacker/CVE-2021-36581/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.7%

JSON

Related for CVE-2021-36581

prion1 nvd1 cvelist1 githubexploit1