CVE-2021-41566

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-5170-83472-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:tadtools_project:tadtools:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-10-08 16:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-41566

Mitre link : CVE-2021-41566

CVE.ORG link : CVE-2021-41566


JSON object : View

Products Affected

tadtools_project

  • tadtools
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type