Vulnerability Details CVE-2021-27964
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.655
EPSS Ranking 98.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/161793/SonLogger-4.2.3.3-Shell-Upload.html
- https://github.com/erberkan/SonLogger-vulns
- https://www.sonlogger.com/releasenotes
- http://packetstormsecurity.com/files/161793/SonLogger-4.2.3.3-Shell-Upload.html
- https://github.com/erberkan/SonLogger-vulns
- https://www.sonlogger.com/releasenotes
Products affected by CVE-2021-27964
-
cpe:2.3:a:sfcyazilim:sonlogger:4.1.3
-
cpe:2.3:a:sfcyazilim:sonlogger:4.2.3
-
cpe:2.3:a:sfcyazilim:sonlogger:5.1.3