CVE-2021-26473

Severity CVSS v4.0: Pending analysis
Type: CWE-434 Unrestricted Upload of File with Dangerous Type
Publication date: 08/06/2021
Last modified: 22/04/2022

Description

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the logFilePath action of the HTTP API located at /sgwebservice_o.php allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by requesting them through the web server.

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:a:vembu:bdr_suite:*:*:*:*:*:*:*:* | - | 4.2.0.1 (excluding)
cpe:2.3:a:vembu:offsite_dr:*:*:*:*:*:*:*:* | - | 4.2.0.1 (excluding)