CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-43970

An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of application's permissions (SYSTEM).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.6%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://quicklert.com
https://www.assurainc.com/assura-announces-discovery-of-two-vulnerabilities-in-quicklert-for-digium-switchvox/amp-on/
https://quicklert.com
https://www.assurainc.com/assura-announces-discovery-of-two-vulnerabilities-in-quicklert-for-digium-switchvox/amp-on/

Products affected by CVE-2021-43970

Quicklert » Quicklert » Version: 10.0.0

cpe:2.3:a:quicklert:quicklert:10.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-43970

Products

Pricing

Contact Us