SchoolGuy
3 exploits
Active since Oct 2021
CVE-2021-40323
WRITEUP
CRITICAL
Cobbler <3.3.0 - RCE
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
CVSS 9.8
CVE-2021-40324
WRITEUP
HIGH
Cobbler <3.3.0 - Code Injection
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
CVSS 7.5
CVE-2021-40325
WRITEUP
HIGH
Cobbler <3.3.0 - Auth Bypass
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
CVSS 7.5