CVE-2021-46113

In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
kea-hotel-erp_projectkea-hotel-erp
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.pocas.kr/posts/rce-KEA-Hotel-ERP/
https://gist.github.com/P0cas/5aa55f62781364a750ac4a4d47f319fa#cve-2021-46113
https://www.youtube.com/watch?v=gnSMrvV5e9w
https://blog.pocas.kr/posts/rce-KEA-Hotel-ERP/
https://gist.github.com/P0cas/5aa55f62781364a750ac4a4d47f319fa#cve-2021-46113
https://www.youtube.com/watch?v=gnSMrvV5e9w