Vulnerability Details CVE-2021-36711
WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.306
EPSS Ranking 96.5%
CVSS Severity
CVSS v3 Score 9.8
References
- http://packetstormsecurity.com/files/167780/OctoBot-WebInterface-0.4.3-Remote-Code-Execution.html
- https://github.com/Drakkar-Software/OctoBot/blob/master/CHANGELOG.md
- https://github.com/Drakkar-Software/OctoBot/issues/1966
- https://github.com/Nwqda/Sashimi-Evil-OctoBot-Tentacle
- https://packetstormsecurity.com/files/167721/Sashimi-Evil-OctoBot-Tentacle.html
- https://www.octobot.online/
- http://packetstormsecurity.com/files/167780/OctoBot-WebInterface-0.4.3-Remote-Code-Execution.html
- https://github.com/Drakkar-Software/OctoBot/blob/master/CHANGELOG.md
- https://github.com/Drakkar-Software/OctoBot/issues/1966
- https://github.com/Nwqda/Sashimi-Evil-OctoBot-Tentacle
- https://packetstormsecurity.com/files/167721/Sashimi-Evil-OctoBot-Tentacle.html
- https://www.octobot.online/