CVE-2021-31769 — HIGH (8.8)

Q: How severe is CVE-2021-31769?

CVE-2021-31769 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-31769?

Check the references section above for vendor advisories and patch information. Affected products include: Myq-Solution Myq Server.

Vulnerability Description

MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Myq-Solution	Myq Server	< 8.2

Related Weaknesses (CWE)

CWE-78

References

https://gist.github.com/bc0d3/6d55866a78f66569383241406e18794fExploitThird Party Advisory
https://gist.github.com/bc0d3/6d55866a78f66569383241406e18794fExploitThird Party Advisory

FAQ

What is CVE-2021-31769?

CVE-2021-31769 is a vulnerability with a CVSS score of 8.8 (HIGH). MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select se...

How severe is CVE-2021-31769?

CVE-2021-31769 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-31769?

Check the references section above for vendor advisories and patch information. Affected products include: Myq-Solution Myq Server.