{"uuid": "c5f9437d-0cb5-4d0e-ba8a-0ab4c91e6e4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-28474", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/52", "content": "CVE-2021-28474: SHAREPOINT RCE VIA SERVER-SIDE CONTROL INTERPRETATION CONFLICT\n\ud83d\udc64 by @thezdi\n\nThe vulnerability allows authenticated users to execute arbitrary .NET code on the server in the context of the service account of the SharePoint web application. By default, authenticated SharePoint users have all necessary permissions.\n\n\ud83d\udcdd Contents:\n \u2022 The Vulnerability\n \u2022 Exploitation\n \u2022 Proof of Concept\n \u2022 Getting Remote Code Execution\n \u2022 Conclusion\n\nhttps://www.zerodayinitiative.com/blog/2021/7/7/cve-2021-28474-sharepoint-remote-code-execution-via-server-side-control-interpretation-conflict", "creation_timestamp": "2021-07-09T08:53:02.000000Z"}