CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-3832

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0260%
EPSS Percentile17.81th
Published2021年10月7日
Last Modified2024年11月21日

Vulnerability Description

Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.

Affected Platforms (CPE)

📦
Artica

Integria Ims

= 5.0.92

References & Advisories

🔗 https://integriaims.com/en/services/updates/
🔗 https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution
🔗 https://integriaims.com/en/services/updates/
🔗 https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-remote-code-execution

相關漏洞威脅

CVE-2019-150919.8

filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.

CVE-2021-38339.8

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 h...

CVE-2018-10008128.1

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for ...

CVE-2018-198296.5

Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when ...