Lucene search
TwcertCVELIST:CVE-2021-32538HistoryJul 07, 2021 - 2:12 p.m.
CVE-2021-32538 ARTWARE CMS - Unrestricted Upload of File
2021-07-0714:12:28
CWE-434
twcert
www.cve.org
2
artware cms
unrestricted upload
file
remote attackers
execute code
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.9
Confidence
High
EPSS
0.009
Percentile
82.3%
ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly.
CNA Affected
[
{
"product": "CMS",
"vendor": "ARTWARE",
"versions": [
{
"lessThanOrEqual": "2021/1/8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2021-32538
2021-07-07 14:15:12
cve
cve
CVE-2021-32538
2021-07-07 14:15:12
cnvd
cnvd
ARTWARE CMS Arbitrary File Upload Vulnerability
2021-07-09 00:00:00
prion
prion
Design/Logic Flaw
2021-07-07 14:15:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.9
Confidence
High
EPSS
0.009
Percentile
82.3%
Related for CVELIST:CVE-2021-32538