SchoolGuy

3 exploits Active since Oct 2021
CVE-2021-40323 WRITEUP CRITICAL WRITEUP
Cobbler < 3.3.0 - Remote Code Execution via XMLRPC Log Poisoning
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
CVSS 9.8
CVE-2021-40324 WRITEUP HIGH WRITEUP
cobbler < 3.3.0 - Arbitrary File Write via upload_log_data
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
CVSS 7.5
CVE-2021-40325 WRITEUP HIGH WRITEUP
Cobbler < 3.3.0 - Authorization Bypass for Settings Modification
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
CVSS 7.5