CVE-2021-30149
published 2021-04-06

CVE-2021-30149: Composr 10.0.36 allows upload and execution of PHP files.

Priority: P2 · 70 · critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploit: flagged
EPSS: 10.06% (95.0th percentile)

Affected

1 range

Vendor      Product   Version range   Fixed in
ocproducts  composr

Detection & IOCs (extracted from sources)

  • The attacker uploads a file through the 'Upload In Bulk' gallery function and tampers with the HTTP request to change the file extension from .jpg to .php, bypassing the server-side extension validation.
  • The standard galleries uploader correctly rejects PHP uploads with a 'hacking attempts' error; only the 'Upload In Bulk' code path is vulnerable, so focus detection on that specific endpoint.
  • Alert on successful HTTP responses (e.g. 200/201) to Composr gallery upload endpoints where the uploaded filename ends in .php; this indicates a bypassed extension check and potential webshell placement.
  • The vulnerability is confirmed specifically for Composr CMS version 10.0.36; other versions are not confirmed vulnerable by the available sources.
  • The bypass only works via the 'Upload In Bulk' gallery function; the standard gallery uploader correctly enforces the PHP extension block, so detection rules scoped only to the main uploader endpoint will miss exploitation.
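As an added example (not from the page's sources or from Composr itself), the detection rule above applied in Python to constructed JSON-lines upload events: a successful POST to the bulk-upload endpoint carrying a .php upload name. The endpoint regex, the log field names and the sample events are assumptions to adapt to your own deployment and log source.

```python
import json
import posixpath
import re
from urllib.parse import unquote

# Assumed pattern for the Composr "Upload In Bulk" gallery endpoint (constructed
# for this example; take the real path/query from your own install's logs).
BULK_UPLOAD_RE = re.compile(r"cms_galleries.*(bulk|import)", re.IGNORECASE)
SUCCESS_STATUSES = {200, 201}          # "successful" responses per the rule
PHP_EXT_RE = re.compile(r"\.php$", re.IGNORECASE)


def is_php_name(name: str) -> bool:
    """True if the client-supplied upload name ends in .php after URL-decoding
    and reducing it to a basename (so '..%2Fshell.PHP' is still caught)."""
    base = posixpath.basename(unquote(name).replace("\\", "/"))
    return bool(PHP_EXT_RE.search(base))


def find_bulk_php_uploads(lines):
    """Return events matching: POST + success status + bulk endpoint + .php name.
    Assumed event fields: ts, src, method, path, status, upload_names (list)."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue                      # skip malformed log lines
        if ev.get("method") != "POST" or ev.get("status") not in SUCCESS_STATUSES:
            continue
        if not BULK_UPLOAD_RE.search(ev.get("path", "")):
            continue                      # standard uploader: out of scope here
        bad = [n for n in ev.get("upload_names", []) if is_php_name(n)]
        if bad:
            hits.append({"ts": ev.get("ts"), "src": ev.get("src"),
                         "path": ev["path"], "files": bad})
    return hits


# Constructed sample events (JSON lines), not real traffic.
SAMPLE_LOG = """
{"ts":"2021-04-06T10:00:01Z","src":"198.51.100.7","method":"POST","path":"/index.php?page=cms_galleries&type=import","status":200,"upload_names":["holiday.jpg","beach.jpg"]}
{"ts":"2021-04-06T10:00:09Z","src":"198.51.100.7","method":"POST","path":"/index.php?page=cms_galleries&type=import","status":200,"upload_names":["holiday.jpg","..%2F..%2Fshell.PHP"]}
{"ts":"2021-04-06T10:01:15Z","src":"203.0.113.9","method":"POST","path":"/index.php?page=cms_galleries&type=add","status":200,"upload_names":["x.php"]}
{"ts":"2021-04-06T10:02:30Z","src":"198.51.100.7","method":"POST","path":"/index.php?page=cms_galleries&type=import","status":500,"upload_names":["bad.php"]}
"""

if __name__ == "__main__":
    for hit in find_bulk_php_uploads(SAMPLE_LOG.splitlines()):
        print("ALERT bulk .php upload:", hit)
```

Only the second sample event fires: the first has no .php name, the third hits the standard uploader (rejected server-side, so scoped out), and the fourth was not a successful response.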

CVSS provenance

NVD v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)