COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2021-42675

CVE-2021-42675

Severity
critical
Source
NVD · cve
Published
2022-06-14
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-42675
⚡ RCE shame 50/100 rce

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.

Players implicated

kreado · vendorkreasfero · product

Description

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.