Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

1 vulnerability by ARTWARE

CVE-2021-32538 (GCVE-0-2021-32538)

Vulnerability from cvelistv5 – Published: 2021-07-07 14:12 – Updated: 2024-09-17 04:29

Title

ARTWARE CMS - Unrestricted Upload of File

Summary

ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type

Assigner

twcert

References

1 reference

URL	Tags
https://www.twcert.org.tw/tw/cp-132-4850-9b53f-1.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
ARTWARE	CMS	Affected: unspecified , ≤ 2021/1/8 (custom)

Date Public

2021-07-02 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.310Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4850-9b53f-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CMS",
          "vendor": "ARTWARE",
          "versions": [
            {
              "lessThanOrEqual": "2021/1/8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-07-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-07T14:12:28.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4850-9b53f-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Contact tech support from ARTWARE."
        }
      ],
      "source": {
        "advisory": "TVN-202107001",
        "discovery": "EXTERNAL"
      },
      "title": "ARTWARE CMS - Unrestricted Upload of File",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2021-07-02T10:57:00.000Z",
          "ID": "CVE-2021-32538",
          "STATE": "PUBLIC",
          "TITLE": "ARTWARE CMS - Unrestricted Upload of File"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CMS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2021/1/8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ARTWARE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4850-9b53f-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4850-9b53f-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Contact tech support from ARTWARE."
          }
        ],
        "source": {
          "advisory": "TVN-202107001",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2021-32538",
    "datePublished": "2021-07-07T14:12:28.979Z",
    "dateReserved": "2021-05-10T00:00:00.000Z",
    "dateUpdated": "2024-09-17T04:29:22.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}