CVE-2021-29281

CRITICAL

GFI Archiver < 15.2 - Unrestricted File Upload

Title source: rule

Description

File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.

Exploits (1)

exploitdb WORKING POC

by Amin Bohio · pythonwebappsmultiple

https://www.exploit-db.com/exploits/50181

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory] https://aminbohio.com/gfi-mail-archiver-15-1-telerik-ui-component-arbitrary-file-upload-unauthenticated-exploit/

[Technical Description, Third Party Advisory] https://cwe.mitre.org/data/definitions/434.html

[Technical Description, Third Party Advisory] https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50181

[Product] https://www.gfi.com/products-and-solutions/network-security-solutions/gfi-archiver

Scores

CVSS v3 9.8

EPSS 0.0356

EPSS Percentile 87.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

gfi/archiver < 15.2

Published Jul 07, 2022

Tracked Since Feb 18, 2026