CVE-2021-47936
CRITICAL SEVERITYCVSS Score & Metrics
Base Score
9.8 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Description
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system commands via POST requests to the uploaded file in the upload directory.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-306
Source
NVD
Vendor
Opencats
Product
OpenCATS
Discussion (0)
Add Comment
No comments yet. Be the first!