CVE-2021-39274
CRITICAL
Xerosecurity Sn1per - Incorrect Default Permissions
In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution with root privileges.
References (3)
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/1N3/Sn1per/releases
Exploit, Third Party Advisory x_refsource_misc
https://github.com/nikip72/CVE-2021-39273-CVE-2021-39274
Exploit, Third Party Advisory x_refsource_misc
https://github.com/1N3/Sn1per/issues/357
Scores
CVSS v3
9.8
EPSS
0.0068
EPSS Percentile
71.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-276
Status
published
Products (1)
xerosecurity/sn1per
9.0
Published
Aug 19, 2021
Tracked Since
Feb 18, 2026