CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-42342

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1450%
EPSS Percentile21.11th
Published2021年10月14日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.

Affected Platforms (CPE)

📦
Embedthis

Goahead

>= 4.0.0 and <= 4.1.3
📦
Embedthis

Goahead

>= 5.0.0 and < 5.1.5

References & Advisories

🔗 https://github.com/embedthis/goahead/issues/305
🔗 https://github.com/embedthis/goahead/issues/305

関連する脆弱性情報

CVE-2015-793710.0

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remot...

CVE-2019-153119.8

An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Hal...

CVE-2019-50969.8

An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web ...

CVE-2021-416159.8

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceupona...