CVE-2021-41975

TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-5174-6f1d5-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:tadtools_project:tadtools:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-10-08 16:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-41975

Mitre link : CVE-2021-41975

CVE.ORG link : CVE-2021-41975


JSON object : View

Products Affected

tadtools_project

  • tadtools
CWE
CWE-306

Missing Authentication for Critical Function

CWE-285

Improper Authorization