Vulnerability Details CVE-2021-28132
LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz file. The .php file becomes accessible with a public/system/static URI.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.031
EPSS Ranking 86.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2021-28132
-
cpe:2.3:a:lucysecurity:security_awareness:*