COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2021-36582

CVE-2021-36582

Severity
critical
Source
NVD · cve
Published
2021-09-14
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-36582
⚡ RCE shame 50/100 rce

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL.

Players implicated

kooboo · vendorkooboo cms · product

Description

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL.

Sentiment · trusted sources

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.