CyberSec.Space Logo
Back to CVE Browser

CVE-2021-29377

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1730%
EPSS Percentile39.74th
PublishedAug 12, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt.

Affected Platforms (CPE)

📦
Pearadmin

Pearadmin Think

<= 2.1.2

References & Advisories

🔗 https://gitee.com/pear-admin/Pear-Admin-Think/issues/I3DI3T
🔗 https://gitee.com/pear-admin/Pear-Admin-Think/issues/I3DI3T

Related Vulnerabilities

CVE-2021-3303210.0

A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version...

CVE-2021-3279810.0

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can ex...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2021-3851610.0

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 be...