CVE-2021-41566
CRITICAL
tadtools < 3.2.2 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Title source: llm
Description
The TadTools file upload function fails to filter file extensions, so remote attackers can upload files of any type and execute arbitrary code without logging in.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-5170-83472-1.html
Scores
CVSS v3
9.8
EPSS
0.0194
EPSS Percentile
77.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
tadtools_project/tadtools
< 3.2.2
Published
Oct 08, 2021
Tracked Since
Feb 18, 2026