CVE-2021-28428

File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
horizontcms_projecthorizontcms
1.0.0
horizontcms_projecthorizontcms
1.0.0:alpha
horizontcms_projecthorizontcms
1.0.0:alpha2
horizontcms_projecthorizontcms
1.0.0:alpha3
horizontcms_projecthorizontcms
1.0.0:alpha4
horizontcms_projecthorizontcms
1.0.0:alpha5
horizontcms_projecthorizontcms
1.0.0:alpha6
horizontcms_projecthorizontcms
1.0.0:alpha7
horizontcms_projecthorizontcms
1.0.0:alpha8
horizontcms_projecthorizontcms
1.0.0:beta
horizontcms_projecthorizontcms
1.0.0:beta2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/ttimot24/HorizontCMS
https://github.com/ttimot24/HorizontCMS/commit/9c4d6827cbe96decec6834d53660e14ab2bf8838
https://github.com/ttimot24/HorizontCMS
https://github.com/ttimot24/HorizontCMS/commit/9c4d6827cbe96decec6834d53660e14ab2bf8838