CVE-2021-31769 – MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users be …

21 June 2021

Vuln ID: CVE-2021-31769

Published: 2021-06-21 11:15:07Z

Description: MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%MyQPHPSessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component.

Source: NVD.NIST.GOV

Date:

21 June 2021

Categorie(s):

NVD

Tag(s):

NVD

In memoriam: Steven Young, respected CISO and former Cybersecurity Collaborative VP19 April 2024
The Biggest Deepfake Porn Website Is Now Blocked in the UK19 April 2024
The MSSP perspective: CISO insights into stronger security19 April 2024
66% of IT leaders doubt the government can defend against cyberwarfare19 April 2024
FBI chief says Chinese hackers have infiltrated critical US infrastructure19 April 2024