CVE-2021-27964

Severity: Critical · Exploited in the wild · Nuclei template available

SonLogger - Arbitrary File Upload

Title source: nuclei

Exploitation Summary

CVE-2021-27964 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Berkan Er. A Nuclei detection template is also available.

AI-analyzed exploit summary: This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in SonLogger < 6.4.1 via an insecure POST request, allowing RCE by uploading a malicious ASP file.

Description

SonLogger before 6.4.1 is affected by an unauthenticated arbitrary file upload vulnerability. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. The endpoint performs no check on the file extension or the content of the uploaded file.

Exploits (1)

Source: Exploit-DB · Working PoC · Verified
by Berkan Er · ruby · webapps · multiple
https://www.exploit-db.com/exploits/49651

Classification
Working PoC: 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: SonLogger < 6.4.1
Authentication: none needed
Prerequisites: Network access to target · SonLogger service running on port 5000
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

SonLogger - Arbitrary File Upload
Severity: Critical · by DhiyaneshDK
FOFA query: body="SonLogger"

References (3)

Core References (3)
- Exploit, Third Party Advisory: https://github.com/erberkan/SonLogger-vulns
- Release Notes, Vendor Advisory: https://www.sonlogger.com/releasenotes
- Exploit, Third Party Advisory, VDB Entry: http://packetstormsecurity.com/files/161793/SonLogger-4.2.3.3-Shell-Upload.html

Scores

CVSS v3: 9.8
EPSS: 0.8213
EPSS Percentile: 99.2%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV: 2024-01-22
CWE: CWE-434
Status: published
Products (1): sfcyazilim/sonlogger < 6.4.1
Published: Mar 05, 2021
Tracked Since: Feb 18, 2026