avatar

@b3rsec

  • @erberkan
  • /u/
  • https://erberkan.github.io/
  • erberkan
    • Who am I ?

    Overview

    3

    total CVE

    HIGH
    1
    CRITICAL
    2
    MEDIUM
    0
    LOW
    0
    NONE
    0

    Latest CVEs

    8.2

    CVSS3.1

    CVE-2021-27963 -

    SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.

    📅 Published: March 5, 2021, 1:37 a.m. 🔄 Last Modified: Nov. 21, 2024, 5:58 a.m.

    9.8

    CVSS3.1

    CVE-2021-27964 -

    SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.

    📅 Published: March 5, 2021, 1:37 a.m. 🔄 Last Modified: Nov. 21, 2024, 5:58 a.m.

    9.8

    CVSS3.1

    CVE-2021-3378 -

    FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.

    📅 Published: Feb. 1, 2021, 10:08 p.m. 🔄 Last Modified: Nov. 21, 2024, 6:21 a.m.
    See all CVEs of