{"vulnerability": "cve-2021-28132", "sightings": [{"uuid": "5472cb3d-65b0-4edf-99f8-ef2b3dc80c4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-28132", "type": "seen", "source": "https://t.me/cibsecurity/24748", "content": "\u203c CVE-2021-28132 \u203c\n\nLUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz file. The .php file becomes accessible with a public/system/static URI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-11T12:53:58.000000Z"}]}