CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-42675

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.042

EPSS Ranking 88.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://kreado.com
http://kreasfero.com
https://twitter.com/1ofThegutHakrs/status/1536246485188128768
http://kreado.com
http://kreasfero.com
https://twitter.com/1ofThegutHakrs/status/1536246485188128768

Products affected by CVE-2021-42675

Kreado » Kreasfero » Version: 1.5

cpe:2.3:a:kreado:kreasfero:1.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-42675

Products

Pricing

Contact Us