CVE-2021-30149
Published 2021-04-06
CVE-2021-30149: Composr 10.0.36 allows upload and execution of PHP files.
Priority: P2 (70) · Critical 9.8 · CVSS 3.1 · AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 10.06% (95.0th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ocproducts | composr | — | — |
Detection & IOCs (extracted from sources)
- Attacker uploads a file via the 'Upload In Bulk' gallery function and tampers the HTTP request to change the file extension from .jpg to .php, bypassing server-side extension validation.
- The standard galleries uploader correctly rejects PHP uploads with a 'hacking attempts' error; only the 'Upload In Bulk' code path is vulnerable, so focus detection on that specific endpoint.
- Alert on successful HTTP responses (e.g. 200/201) to Composr gallery upload endpoints where the uploaded filename ends in .php, indicating a bypassed extension check and potential webshell placement.
- The vulnerability affects specifically Composr CMS version 10.0.36; other versions are not confirmed vulnerable by the available sources.
- The bypass only works via the 'Upload In Bulk' gallery function; the standard gallery uploader correctly enforces the PHP extension block, so detection rules scoped only to the main uploader endpoint will miss exploitation.
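The detection guidance above, as an added example that is not from the advisory or from Composr: it scans constructed JSON upload-log records and alerts only on successful POSTs to the bulk-upload code path whose filename carries a PHP-executable extension. The `upload_in_bulk` request marker, the log field names and the sample records are assumptions; the extension set generalises slightly beyond the `.php` the sources name.

```python
import json
import posixpath
from urllib.parse import urlparse, parse_qs

# Assumed marker for the 'Upload In Bulk' gallery code path. The real Composr
# request shape is not given on the page; adapt this to the observed URL.
BULK_UPLOAD_MARKER = "upload_in_bulk"
SUCCESS_STATUSES = {200, 201}
# The sources name .php; these extensions are commonly mapped to the PHP
# interpreter too, so the check generalises to them.
PHP_EXTENSIONS = {".php", ".phtml", ".phar", ".php5"}


def is_bulk_upload(path):
    """True when the request targets the (assumed) bulk-upload code path."""
    parts = urlparse(path)
    qs = parse_qs(parts.query)
    return BULK_UPLOAD_MARKER in parts.path or BULK_UPLOAD_MARKER in qs.get("type", [])


def has_php_extension(filename):
    """Check the final extension case-insensitively (photo.PHP still executes)."""
    return posixpath.splitext(filename.lower())[1] in PHP_EXTENSIONS


def detect(log_lines):
    """Return one alert per successful bulk upload with a PHP-executable name.

    Scoped to the bulk path per the sources: the standard uploader already
    rejects PHP, so alerting there would only add noise.
    """
    alerts = []
    for raw in log_lines:
        rec = json.loads(raw)
        if rec.get("method") != "POST" or rec.get("status") not in SUCCESS_STATUSES:
            continue
        if not is_bulk_upload(rec.get("path", "")):
            continue
        name = rec.get("upload_filename", "")
        if has_php_extension(name):
            alerts.append({"src": rec.get("src"), "path": rec["path"], "filename": name})
    return alerts


# Constructed sample records; upload_filename is assumed to be recorded by a
# WAF or application log that sees the multipart form part.
SAMPLE_LOG = [
    '{"src":"198.51.100.7","method":"POST","path":"/cms/index.php?page=galleries&type=upload_in_bulk","status":200,"upload_filename":"photo.jpg"}',
    '{"src":"198.51.100.7","method":"POST","path":"/cms/index.php?page=galleries&type=upload_in_bulk","status":200,"upload_filename":"photo.PHP"}',
    '{"src":"203.0.113.5","method":"POST","path":"/cms/index.php?page=galleries&type=add","status":200,"upload_filename":"shell.php"}',
    '{"src":"203.0.113.9","method":"GET","path":"/uploads/galleries/photo.php","status":200}',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print("ALERT", alert)
```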
CVSS provenance
- NVD v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
No detection rules found.
No writeups or analysis indexed.