Vulnerability Details CVE-2021-3317
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.212
EPSS Ranking 95.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/161208/Klog-Server-2.4.1-Command-Injection.html
- https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection
- http://packetstormsecurity.com/files/161208/Klog-Server-2.4.1-Command-Injection.html
- https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection
Products affected by CVE-2021-3317
-
cpe:2.3:a:klogserver:klog_server:2.4.1