Vulnerability Details CVE-2021-27963
SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.045
EPSS Ranking 88.7%
CVSS Severity
CVSS v3 Score 8.2
CVSS v2 Score 6.4
Products affected by CVE-2021-27963
- cpe:2.3:a:sfcyazilim:sonlogger:4.1.3
- cpe:2.3:a:sfcyazilim:sonlogger:4.2.3
- cpe:2.3:a:sfcyazilim:sonlogger:5.1.3