Lucene search
PRIOn knowledge basePRION:CVE-2021-36359HistoryAug 30, 2021 - 5:15 a.m.
Remote code execution
2021-08-3005:15:00
PRIOn knowledge base
www.prio-n.com
4
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bscw_classic | ge | 7.4.0 | |
| bscw_classic | lt | 7.4.3 | |
| bscw_classic | ge | 7.3.0 | |
| bscw_classic | lt | 7.3.3 | |
| bscw_classic | ge | 5.2.0 | |
| bscw_classic | lt | 5.2.4 | |
| bscw_classic | ge | 5.1.0 | |
| bscw_classic | lt | 5.1.10 | |
| bscw_classic | lt | 5.0.12 |
Related
nvd
nvd
CVE-2021-36359
2021-08-30 05:15:07
cve
cve
CVE-2021-36359
2021-08-30 05:15:07
cvelist
cvelist
CVE-2021-36359
2021-08-30 04:42:27
packetstorm
packetstorm
BSCW Server XML Injection
2021-08-31 00:00:00
zdt
zdt
BSCW Server XML Injection Vulnerability
2021-08-31 00:00:00