CVE-2021-28271

HIGH

Soyal Technologies SOYAL 701Server 9.0.1 - Privilege Escalation

Title source: llm

Description

Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/49678

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49678

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php

Scores

CVSS v3 8.8

EPSS 0.0242

EPSS Percentile 85.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-276

Status published

Products (3)

soyal/701clientsql 10.0 - 10.2

soyal/701server < 9.0.2

soyal/701serversql 10.0 - 10.2

Published Apr 27, 2021

Tracked Since Feb 18, 2026