CVE-2021-26473
Severity CVSS v4.0:
Pending analysis
Type:
CWE-434
Unrestricted Upload of File with Dangerous Type
Publication date:
08/06/2021
Last modified:
22/04/2022
Description
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:vembu:bdr_suite:*:*:*:*:*:*:*:* | 4.2.0.1 (excluding) | |
cpe:2.3:a:vembu:offsite_dr:*:*:*:*:*:*:*:* | 4.2.0.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page