CVE-2021-36123
Last modified
CVE-2021-36123 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on the server filesystems as well any files accessible via Universal Naming Convention (UNC) paths.. EPSS estimates a 0.77% chance of exploitation in the next 30 days.
Description
An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on the server filesystems as well any files accessible via Universal Naming Convention (UNC) paths.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Echobh | Sharecare | 8.15.5 |
References
- https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.mdThird Party Advisory
- https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.mdThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-36123?
How severe is CVE-2021-36123?
How do I fix CVE-2021-36123?
Are you affected by CVE-2021-36123?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST