CyberSec.Space Logo
Back to CVE Browser

CVE-2021-3832

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0260%
EPSS Percentile17.81th
PublishedOct 7, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.

Affected Platforms (CPE)

πŸ“¦
Artica

Integria Ims

= 5.0.92

References & Advisories

πŸ”— https://integriaims.com/en/services/updates/
πŸ”— https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution
πŸ”— https://integriaims.com/en/services/updates/
πŸ”— https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution

Related Vulnerabilities

CVE-2019-150919.8

filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.

CVE-2021-38339.8

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 h...

CVE-2018-10008128.1

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for ...

CVE-2018-198296.5

Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when ...