CVE-2021-27964 – SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker c …

Vuln ID: CVE-2021-27964

Published:  2021-03-05  02:15:12Z

Description: SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.

Source: NVD.NIST.GOV

 


Date:

Categorie(s):

Tag(s):