CVE-2021-28428 Information
Jun 07, 2022
cve
Description
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and .hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and .hello files in order to execute PHP code to gain RCE.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/ttimot24/HorizontCMS https://github.com/ttimot24/HorizontCMS/commit/9c4d6827cbe96decec6834d53660e14ab2bf8838
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: