CVE-2021-40323
CRITICAL NUCLEI
Cobbler <3.3.0 - RCE
Title source: llm
Description
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Exploits (1)
github
WORKING POC
4 stars
by tnpitsecurity · poc
https://github.com/tnpitsecurity/CVEs/tree/master/CVE-2021-40323-40324
Nuclei Templates (1)
Cobbler <3.3.0 - Remote Code Execution
CRITICAL by c-sh0
Shodan:
http.title:"cobbler web interface"
FOFA:
title="cobbler web interface"
Scores
CVSS v3
9.8
EPSS
0.9317
EPSS Percentile
99.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (2)
cobbler_project/cobbler
< 3.3.0
pypi/cobbler
0 - 3.3.0 PyPI
Published
Oct 04, 2021
Tracked Since
Feb 18, 2026