
CVE-2021-31181

11 May 2021 19:11:30 | Reported by microsoft | Type: cve | web.nvd.nist.gov | 10 media mentions | 275 views

Microsoft SharePoint Remote Code Execution Vulnerability

Affected
[
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Enterprise Server 2016",
    "cpes": [
      "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.5161.1000",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Server 2019",
    "cpes": [
      "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.10374.20000",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Foundation 2013 Service Pack 1",
    "cpes": [
      "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.0.0",
        "lessThan": "15.0.5345.1000",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| RenderWebPartForEdit | request body | /_vti_bin/WebPartPages.asmx | RenderWebPartForEdit endpoint used to inject unsafe server controls via XML/ASPX markup and bypass SafeControl verification to achieve RCE | CWE-94 |
| XmlDataSource | request body | /_vti_bin/WebPartPages.asmx | RenderWebPartForEdit endpoint used to inject unsafe server controls via XML/ASPX markup and bypass SafeControl verification to achieve RCE | CWE-94 |
| XsltListFormWebPart | request body | /_vti_bin/WebPartPages.asmx | RenderWebPartForEdit endpoint used to inject unsafe server controls via XML/ASPX markup and bypass SafeControl verification to achieve RCE | CWE-94 |
| id | path | /_api/web/id | Endpoint used to obtain the webId of a site for PoC/attack preparation | CWE-264 |
| webId | path | /_api/web/id | Endpoint used to obtain the webId of a site for PoC/attack preparation | CWE-264 |
| title | path | /_layouts/15/viewlsts.aspx | Used to retrieve the title of an SPList to target in the PoC | CWE-264 |
| ListDisplayName | path | /_layouts/15/viewlsts.aspx | Used to retrieve the title of an SPList to target in the PoC | CWE-264 |
| __VIEWSTATEGENERATOR | query param | /_layouts/15/success.aspx | Page used to obtain a valid VIEWSTATE for deserialization-based RCE via ViewState forgery | CWE-94 |
| __VIEWSTATE | query param | /_layouts/15/success.aspx | Page used to obtain a valid VIEWSTATE for deserialization-based RCE via ViewState forgery | CWE-94 |
17 Jun 2026 03:51 (Current)
8.7 High risk
Vulners AI Score: 8.7
CVSS 2: 6.5
CVSS 3.1: 8.8
EPSS: 0.30045