CVE-2021-44912 — MEDIUM (5.4)

Q: How severe is CVE-2021-44912?

CVE-2021-44912 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-44912?

Check the references section above for vendor advisories and patch information. Affected products include: Xpressengine Xpressengine.

Vulnerability Description

In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE 1.11.2 version, you can upload the PHP type file to GETSHELL.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Xpressengine	Xpressengine	< 1.11.6

Related Weaknesses (CWE)

CWE-79

References

https://github.com/xpressengine/xe-core/issues/2433ExploitIssue TrackingThird Party Advisory
https://github.com/xpressengine/xe-core/issues/2433ExploitIssue TrackingThird Party Advisory

FAQ

What is CVE-2021-44912?

CVE-2021-44912 is a vulnerability with a CVSS score of 5.4 (MEDIUM). In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, upload...

How severe is CVE-2021-44912?

CVE-2021-44912 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-44912?

Check the references section above for vendor advisories and patch information. Affected products include: Xpressengine Xpressengine.