CVE-2021-25251

HIGH Year: 2021
CVSS v3 Score
7.2
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.

Related Vulnerabilities

CVE-2013-2267

HIGH
CVSS:7.2(High)

PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.

CWE-942013

CVE-2015-0249

HIGH
CVSS:7.2(High)

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka ...

CWE-942015

CVE-2015-3173

HIGH
CVSS:7.2(High)

custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.

CWE-942015

CVE-2015-9227

HIGH
CVSS:7.2(High)

PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in...

CWE-942015

CVE-2017-15935

HIGH
CVSS:7.2(High)

Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file.

CWE-942017

CVE-2017-16682

HIGH
CVSS:7.2(High)

SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed...

CWE-942017