nvd-json-data-feeds/CVE-2021/CVE-2021-426xx/CVE-2021-42645.json

{
  "id": "CVE-2021-42645",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-05-10T12:15:08.477",
  "lastModified": "2022-05-16T17:04:21.887",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the \"File\" parameter to upload a PHP payload to get a reverse shell from the vulnerable host."
    },
    {
      "lang": "es",
      "value": "CMSimple_XH versi\u00f3n 1.7.4, est\u00e1 afectado por Una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota (RCE). Para explotar esta vulnerabilidad, un atacante debe usar el par\u00e1metro \"File\" para cargar una carga \u00fatil de PHP para conseguir un shell inverso del host vulnerable"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cmsimple-xh:cmsimple_xh:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3F3194D-24AE-4ED8-A94D-15E2C42DFE5A"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/Net-hunter121/CMSimple_XH-Unauth-RCE",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/cmsimple-xh/cmsimple-xh/releases/tag/1.7.5",
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ]
    }
  ]
}