CVE-2021-41566 — CRITICAL (9.8)

Q: What is CVE-2021-41566?

CVE-2021-41566 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.

Q: How severe is CVE-2021-41566?

CVE-2021-41566 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-41566?

Check the references section above for vendor advisories and patch information. Affected products include: Tadtools Project Tadtools.

Vulnerability Description

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tadtools Project	Tadtools	< 3.2.2

Related Weaknesses (CWE)

CWE-434

References

https://www.twcert.org.tw/tw/cp-132-5170-83472-1.htmlThird Party Advisory
https://www.twcert.org.tw/tw/cp-132-5170-83472-1.htmlThird Party Advisory

FAQ

What is CVE-2021-41566?

CVE-2021-41566 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.

How severe is CVE-2021-41566?

CVE-2021-41566 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-41566?

Check the references section above for vendor advisories and patch information. Affected products include: Tadtools Project Tadtools.