{"uuid": "5a678c76-6284-416b-ab92-f159557cb717", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-31181", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/45", "content": "CVE-2021-31181: MicroSoft SharePoint webpart interpretation conflict RCE vulnerability \n\nTo quote @thezdi: \"this vulnerability could be used by an authenticated user to execute arbitrary code on the server in the context of the service account of the SharePoint web application. For a successful attack, the attacker must have SPBasePermissions.ManageLists permissions on any SharePoint site. By default, any authenticated user can create their own site where they have the necessary permission.\"\n\nContents:\n \u2022 The Vulnerability\n \u2022 Proof of Concept\n \u2022 Getting Remote Code Execution\n \u2022 Conclusion\n\nhttps://www.zerodayinitiative.com/blog/2021/6/1/cve-2021-31181-microsoft-sharepoint-webpart-interpretation-conflict-remote-code-execution-vulnerability", "creation_timestamp": "2021-06-03T07:14:15.000000Z"}