Vulnerability Details CVE-2021-27964
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.809
EPSS Ranking 99.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2021-27964
- cpe:2.3:a:sfcyazilim:sonlogger:4.1.3
- cpe:2.3:a:sfcyazilim:sonlogger:4.2.3
- cpe:2.3:a:sfcyazilim:sonlogger:5.1.3