CVE-2021-42675 Information

Description

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.

Reference

http://kreado.com http://kreasfero.com https://twitter.com/1ofThegutHakrs/status/1536246485188128768