CVE-2021-42675

CVE-2021-42675

EPSS 3.0%

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://kreado.com http://kreasfero.com https://twitter.com/1ofThegutHakrs/status/1536246485188128768