CVE-2021-36581

CRITICAL

Kooboo CMS 2.1.1.0 - Code Injection

Title source: llm

Description

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server.

References (2)

Core 2

Core References

Permissions Required, Vendor Advisory x_refsource_misc

http://kooboo.com

Third Party Advisory x_refsource_misc

https://github.com/l00neyhacker/CVE-2021-36581/

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0054

EPSS Percentile 67.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

kooboo/kooboo_cms 2.1.1.0

Published Sep 14, 2021

Tracked Since Feb 18, 2026