CyberSec.Space Logo
Back to CVE Browser

CVE-2021-42342

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1450%
EPSS Percentile21.11th
PublishedOct 14, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.

Affected Platforms (CPE)

📦
Embedthis

Goahead

>= 4.0.0 and <= 4.1.3
📦
Embedthis

Goahead

>= 5.0.0 and < 5.1.5

References & Advisories

🔗 https://github.com/embedthis/goahead/issues/305
🔗 https://github.com/embedthis/goahead/issues/305

Related Vulnerabilities

CVE-2015-793710.0

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remot...

CVE-2019-153119.8

An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Hal...

CVE-2019-50969.8

An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web ...

CVE-2021-416159.8

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceupona...