CVE-2021-41919
CVE-2021-41919 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. webTareas version 2.4 and earlier allows an authenticated user to upload arbitrary, potentially dangerous files without restrictions. The upload is performed by adding or replacing a personal profile picture. EPSS estimates a 2.30% chance of exploitation in the next 30 days.
Description
webTareas version 2.4 and earlier allows an authenticated user to upload arbitrary, potentially dangerous files without restrictions. The upload is performed by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php, through its HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code in remote users' browsers.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Webtareas Project | Webtareas | <= 2.4 |
References
- https://n4nj0.github.io/advisories/webtareas-multiple-vulnerabilities-i/ (Exploit, Third Party Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
