CVE-2021-39392
First published: Wed Sep 15 2021(Updated: )
The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MyLittleBackup | <=1.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-39392?
CVE-2021-39392 has a high severity rating due to the potential for remote code execution.
How do I fix CVE-2021-39392?
To fix CVE-2021-39392, update MyLittleBackup to version 1.8 or later, which addresses this vulnerability.
What kind of vulnerability is CVE-2021-39392?
CVE-2021-39392 is a remote code execution vulnerability caused by a hardcoded machineKey in the web.config file.
Who is affected by CVE-2021-39392?
All installations of MyLittleBackup up to and including version 1.7 are affected by CVE-2021-39392.
What are the potential impacts of CVE-2021-39392?
The potential impacts of CVE-2021-39392 include unauthorized execution of arbitrary code on affected systems.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mylittletools
- canonical/mylittlebackup
- version/mylittlebackup/1.7