CVE-2021-33558

HIGH EXPLOITED IN THE WILD RANSOMWARE NUCLEI

Boa 0.94.13 - Info Disclosure

Title source: llm

Description

Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.

Exploits (2)

nomisec WORKING POC 3 stars

by mdanzaruddin · infoleak

https://github.com/mdanzaruddin/CVE-2021-33558.

View Code ZIP pw:eip

nomisec SUSPICIOUS 1 stars

by anldori · infoleak

https://github.com/anldori/CVE-2021-33558

View Code ZIP pw:eip

Nuclei Templates (1)

Boa 0.94.13 - Information Disclosure

HIGHby DhiyaneshDK

Shodan: Server: Boa/0.94.13

FOFA: Server: Boa/0.94.13

References (3)

[Exploit, Third Party Advisory] https://github.com/mdanzaruddin/CVE-2021-33558.

[Issue Tracking, Third Party Advisory] https://github.com/mdanzaruddin/CVE-2021-33558./issues/1

[Release Notes, Third Party Advisory] https://sourceforge.net/projects/boa/files/boa/0.94.13/

Scores

CVSS v3 7.5

EPSS 0.8748

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-02-14

InTheWild.io 2023-02-15

Ransomware Use Confirmed

Status published

Products (1)

boa/boa 0.94.13

Published May 27, 2021

Tracked Since Feb 18, 2026