Vulnerability Details CVE-2021-46113
In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 86.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://blog.pocas.kr/posts/rce-KEA-Hotel-ERP/
- https://gist.github.com/P0cas/5aa55f62781364a750ac4a4d47f319fa#cve-2021-46113
- https://www.youtube.com/watch?v=gnSMrvV5e9w
- https://blog.pocas.kr/posts/rce-KEA-Hotel-ERP/
- https://gist.github.com/P0cas/5aa55f62781364a750ac4a4d47f319fa#cve-2021-46113
- https://www.youtube.com/watch?v=gnSMrvV5e9w
Products affected by CVE-2021-46113
-
cpe:2.3:a:kea-hotel-erp_project:kea-hotel-erp:-