Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server.
References
Link | Resource |
---|---|
https://github.com/l00neyhacker/CVE-2021-36581/ | Third Party Advisory |
http://kooboo.com | Permissions Required Vendor Advisory |
Configurations
Information
Published : 2021-09-14 05:15
Updated : 2021-09-24 05:57
NVD link : CVE-2021-36581
Mitre link : CVE-2021-36581
JSON object : View
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type
Products Affected
kooboo
- kooboo_cms