CVE-2021-37770: Malicious File Upload
First published: Thu Jun 30 2022(Updated: )
Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NucleusCMS | =3.71 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-37770?
CVE-2021-37770 is considered a high severity vulnerability due to its potential for arbitrary file uploads leading to remote code execution.
How do I fix CVE-2021-37770?
To fix CVE-2021-37770, users should upgrade their Nucleus CMS to version 3.72 or later, which includes a patch for the vulnerability.
What type of vulnerability is CVE-2021-37770?
CVE-2021-37770 is categorized as a file upload vulnerability that can be exploited by attackers to gain unauthorized access.
Who is affected by CVE-2021-37770?
CVE-2021-37770 affects users of Nucleus CMS version 3.71, putting their web applications at risk.
What are the potential consequences of CVE-2021-37770?
Exploitation of CVE-2021-37770 could allow an attacker to execute arbitrary code on the server, compromising the security of the affected web application.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/nucleuscms
- canonical/nucleuscms
- version/nucleuscms/3.71