CVE-2021-41975

HIGH

TadTools < 3.2.2 - Unauthenticated Arbitrary File Deletion via Special Page Parameter

Title source: llm

Description

The TadTools special page is vulnerable to an authorization bypass, so remote attackers can use a specific parameter to delete arbitrary files on the system without logging in.

References (1)

Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-5174-6f1d5-1.html

Scores

CVSS v3 7.5
EPSS 0.0130
EPSS Percentile 66.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE CWE-285, CWE-306
Status published
Products (1)
tadtools_project/tadtools < 3.2.2
Published Oct 08, 2021
Tracked Since Feb 18, 2026