CVE-2021-27964
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.
Affected products
n/a · n/a
Public PoCs found — 2
cve_reference: packetstormsecurity.com/files/161793/SonLogger-4.2.3.3-Shell-Upload.html (unverified)
exploitdb: www.exploit-db.com/exploits/49651 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.