Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2025/05/22 9:32 p.m.31 views

CVE-2021-21276

Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a reque...

9.3CVSS6.7AI score0.07164EPSS
Exploits3References1
packetstorm
packetstorm
added 2023/04/06 12:0 a.m.293 views

POLR URL 2.3.0 Shortener Admin Takeover

Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Date: 2021-02-01 Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword...

9.3CVSS9.3AI score0.07164EPSS
Exploits3
zdt
zdt
added 2023/04/06 12:0 a.m.276 views

POLR URL 2.3.0 - Shortener Admin Account Takeover Exploit

Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword': 'password',...

9.3CVSS9.3AI score0.07164EPSS
Exploits3
exploitdb
exploitdb
added 2023/04/06 12:0 a.m.252 views

POLR URL 2.3.0 - Shortener Admin Takeover

Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Date: 2021-02-01 Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword...

9.3CVSS9.4AI score0.07164EPSS
Exploits3
circl
circl
added 2021/02/01 7:25 p.m.6 views

CVE-2021-21276

creationtimestamp| type| source ---|---|--- 2021-02-01 19:25:11+00:00| published-proof-of-concept| https://t.me/cibsecurity/22897...

9.3CVSS8.6AI score0.07164EPSS
Exploits3References1
cve
cve
added 2021/02/01 12:0 a.m.52 views

CVE-2021-21276

Polr before version 2.3.0 is affected by a setup-process privilege-escalation vulnerability. A loose comparison (==) in SetupController allows an attacker to craft a request to /setup/finish with crafted cookie headers to obtain admin privileges on a site instance, even without an existing accoun...

9.3CVSS9.1AI score0.07164EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder