Lucene search
PRIOn knowledge basePRION:CVE-2021-32961HistoryApr 01, 2022 - 11:15 p.m.
Design/Logic Flaw
2022-04-0123:15:00
PRIOn knowledge base
www.prio-n.com
3
A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities.
| CPE | Name | Operator | Version |
|---|---|---|---|
| autosave | lt | 6.02.06 | |
| autosave | ge | 7.00 | |
| autosave | le | 7.04 | |
| autosave_for_system_platform | lt | 4.01 | |
| autosave_for_system_platform | eq | 5.00 |
Related
cve
cve
CVE-2021-32961
2022-04-01 23:15:09
cvelist
cvelist
CVE-2021-32961 MDT AutoSave Unrestricted Upload of File with Dangerous Type
2022-04-01 22:17:04
nvd
nvd
CVE-2021-32961
2022-04-01 23:15:09
ics
ics
MDT AutoSave
2021-07-08 12:00:00