In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://kooboo.com | |
https://github.com/l00neyhacker/CVE-2021-36582 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-14T11:38:58
Updated: 2024-08-04T01:01:57.466Z
Reserved: 2021-07-12T00:00:00
Link: CVE-2021-36582
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-09-14T12:15:09.953
Modified: 2021-09-28T14:57:24.057
Link: CVE-2021-36582
Redhat
No data.