CVE-2021-43829

HIGH Year: 2021
CVSS v3 Score
8.8
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-434
View all →

Vulnerability Description

PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager unrestrictly handle upload files in the findings import feature. This vulnerability is capable of uploading dangerous type of file to server leading to XSS attacks and potentially other forms of code injection. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2010-3663

HIGH
CVSS:8.8(High)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arb...

CWE-4342010

CVE-2011-1597

HIGH
CVSS:8.8(High)

OpenVAS Manager v2.0.3 allows plugin remote code execution.

CWE-4342011

CVE-2011-4334

HIGH
CVSS:8.8(High)

edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the user...

CWE-4342011

CVE-2012-1592

HIGH
CVSS:8.8(High)

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

CWE-4342012

CVE-2013-1916

HIGH
CVSS:8.8(High)

In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (exe...

CWE-4342013

CVE-2013-3591

HIGH
CVSS:8.8(High)

vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability

CWE-4342013