CVE-2021-41976

Tad Uploader - Improper Authorization

CVSS 5.3 MEDIUMEPSS 1.0%CWE-285

Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Tad · Uploader

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.twcert.org.tw/tw/cp-132-5175-a2f8d-1.html