CVE-2021-41243

HIGH Year: 2021
CVSS v3 Score
8.8
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-78
View all →

Vulnerability Description

There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.

Related Vulnerabilities

CVE-2011-3178

HIGH
CVSS:8.8(High)

In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.

CWE-782011

CVE-2012-4981

HIGH
CVSS:8.8(High)

Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability

CWE-782012

CVE-2012-5693

HIGH
CVSS:8.8(High)

Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) ...

CWE-782012

CVE-2012-6610

HIGH
CVSS:8.8(High)

Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature.

CWE-782012

CVE-2013-1598

HIGH
CVSS:8.8(High)

A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary cod...

CWE-782013

CVE-2013-2024

HIGH
CVSS:8.8(High)

OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.

CWE-782013