CVE-2021-42654
Summary
| CVE | CVE-2021-42654 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-05-24 13:15:00 UTC |
| Updated | 2022-06-03 17:45:00 UTC |
| Description | SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code. |
Risk And Classification
Problem Types: CWE-434
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sscms | Siteserver Cms | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 未授权任意文件上传getshell · Issue #3236 · siteserver/cms · GitHub | MISC | github.com | |
| github.com/siteserver/cms/releases/download/siteserver-dev-v5.0.92/sites... | MISC | github.com | |
| GitHub - siteserver/cms: SS CMS 基于 .NET Core,能够以最低的成本、最少的人力投入在最短的时间内架设一个功能齐全、性能优异、规模庞大并易于维护的网站平台。 | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.