CVE-2021-42342Unrestricted File Upload in Goahead

CWE-434Unrestricted File Upload3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
77.6%
top 1.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Embedthis Goahead
Timeline
PublishedOct 14
Latest updateMay 24

Description

An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDembedthis/goahead5.0.05.1.5+1

🔴Vulnerability Details

2
GHSA
GHSA-xrrx-hrm6-mxr7: An issue was discovered in GoAhead 42022-05-24
CVEList
CVE-2021-42342: An issue was discovered in GoAhead 42021-10-14
CVE-2021-42342 — Unrestricted File Upload in Goahead | cvebase