CVE-2021-44673
published 2022-03-10

CVE-2021-44673: A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script.

Priority: P2 67 (high), CVSS 3.1 base score 8.8
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 8.96% (94.6th percentile)

Affected (2 ranges)

Vendor    Product   Version range   Fixed in
croogo    croogo                    –
croogo    croogo    0 – 3.0.2       –

Detection & IOCs (extracted from sources)

URL: admin/file-manager/attachments
  • Monitor for PHP web shell uploads to the Croogo file manager endpoint at 'admin/file-manager/attachments'. Any .php file uploaded via this path should be treated as malicious.
  • Detect multipart form-data POST requests to the file manager endpoint containing PHP script content (e.g., '<?php system(') in the file body, indicating web shell upload attempts.
  • The exploit uses a specific MIME boundary '-----------------------------7028631106888453201670373694' in the multipart upload request; this static boundary value can be used as a network signature.
  • The exploit is authenticated; monitor for authenticated sessions followed immediately by file upload activity to 'admin/file-manager/attachments' and subsequent GET requests to uploaded .php files in the attachments directory.
  • Exploitation requires prior authentication to the Croogo admin panel; unauthenticated attackers cannot directly exploit this vulnerability.
  • The exploit was tested specifically on Windows 10 Home Single Language 20H2 with WampServer 3.2.3; behavior on other OS/server stacks may differ.
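The indicators above can be combined into a single request inspector for web-server or proxy captures. The following is an added example written for this page, not code from Croogo or from the published exploit: it checks one raw multipart POST for the file-manager path, the static PoC boundary, a .php filename in the Content-Disposition header, and a PHP open tag in the uploaded body (so a renamed file still fires). The build_request helper, the host name and the filenames are constructed sample data, not captured traffic.

```python
import re

# Indicators taken from the detection notes on this page.
TARGET_PATH = b"admin/file-manager/attachments"
KNOWN_BOUNDARY = "-----------------------------7028631106888453201670373694"
PHP_TAG = re.compile(rb"<\?php")          # page indicator: '<?php system('
PHP_EXT = re.compile(r"\.php$", re.IGNORECASE)


def parse_multipart(body: bytes, boundary: str) -> list:
    """Split a multipart/form-data body into (filename, content) pairs."""
    parts, delim = [], b"--" + boundary.encode()
    for chunk in body.split(delim)[1:]:        # [0] is the preamble
        if chunk.startswith(b"--"):            # closing delimiter reached
            break
        head, _, content = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        m = re.search(rb'filename="([^"]*)"', head)
        name = m.group(1).decode(errors="replace") if m else None
        parts.append((name, content.rstrip(b"\r\n")))
    return parts


def inspect_request(raw: bytes) -> list:
    """Return the names of the detections that fire for one raw HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.split(b"\r\n")
    method, path, _ = request_line.split(b" ", 2)
    headers = {k.strip().lower(): v.strip()
               for k, v in (h.split(b":", 1) for h in header_lines if b":" in h)}
    findings = []
    if method != b"POST" or TARGET_PATH not in path:
        return findings                        # only the upload endpoint is in scope
    ctype = headers.get(b"content-type", b"").decode(errors="replace")
    m = re.search(r'boundary=("?)([^";]+)\1', ctype)
    if not m:
        return findings                        # not a multipart upload
    boundary = m.group(2)
    if boundary == KNOWN_BOUNDARY:
        findings.append("static-poc-boundary")
    for filename, content in parse_multipart(body, boundary):
        if filename and PHP_EXT.search(filename):
            findings.append("php-upload:" + filename)
        if PHP_TAG.search(content):
            findings.append("php-code-in-body")
    return findings


def build_request(boundary: str, filename: str, content: bytes) -> bytes:
    """Constructed sample upload request (not a real capture) for testing the inspector."""
    b = boundary.encode()
    return (b"POST /admin/file-manager/attachments HTTP/1.1\r\nHost: croogo.example\r\n"
            b"Content-Type: multipart/form-data; boundary=" + b + b"\r\n\r\n--" + b + b"\r\n"
            b'Content-Disposition: form-data; name="file"; filename="' + filename.encode() + b'"\r\n'
            b"Content-Type: application/octet-stream\r\n\r\n" + content + b"\r\n--" + b + b"--\r\n")


if __name__ == "__main__":
    print(inspect_request(build_request(KNOWN_BOUNDARY, "shell.php", b"<?php system( ...")))
```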

CVSS provenance

Source   Version   Score   Severity   Vector
nvd      v3.1      8.8     HIGH       CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd      v2.0      6.5     MEDIUM     AV:N/AC:L/Au:S/C:P/I:P/A:P