CVE-2021-28931
Published 2021-07-07
Priority P3 · 50 · high · 8.8 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.21% (64.6th percentile)
Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fork-cms | fork_cms | — | — |
| forkcms | forkcms | >= 0 < 5.9.3 | 5.9.3 |
CVSS provenance
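| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |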
GHSA
Arbitrary file upload in Fork CMS
ghsa·2021-09-08
CVE-2021-28931 [HIGH] CWE-434 Arbitrary file upload in Fork CMS
OSV
Arbitrary file upload in Fork CMS
osv·2021-09-08
CVE-2021-28931 [HIGH] Arbitrary file upload in Fork CMS
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.