CVE-2021-44673
published 2022-03-10
CVE-2021-44673: A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script.
Priority: P267, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 8.96% (94.6th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| croogo | croogo | — | — |
| croogo | croogo | 0 – 3.0.2 | — |
Detection & IOCs (extracted from sources)
- Monitor for PHP web shell uploads to the Croogo file manager endpoint at 'admin/file-manager/attachments'. Any .php file uploaded via this path should be treated as malicious.
- Detect multipart form-data POST requests to the file manager endpoint containing PHP script content (e.g., '<?php system(') in the file body, indicating web shell upload attempts.
- The exploit uses a specific MIME boundary '-----------------------------7028631106888453201670373694' in the multipart upload request; this static boundary value can be used as a network signature.
- The exploit is authenticated; monitor for authenticated sessions followed immediately by file upload activity to 'admin/file-manager/attachments' and subsequent GET requests to uploaded .php files in the attachments directory.
- Exploitation requires prior authentication to the Croogo admin panel; unauthenticated attackers cannot directly exploit this vulnerability.
- The exploit was tested specifically on Windows 10 Home Single Language 20H2 with WampServer 3.2.3; behavior on other OS/server stacks may differ.
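One way to implement the detection item about upload activity followed by GET requests to uploaded .php files, as an added example that is not part of the original page or of Croogo. It assumes Apache combined-format access logs and that attachments are served from `/uploads/`, a placeholder to replace with the site's actual attachments path; the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

ENDPOINT = "admin/file-manager/attachments"   # endpoint named in the advisory
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2022:10:00:05 +0000] "POST /admin/file-manager/attachments HTTP/1.1" 302 0
198.51.100.7 - - [10/Mar/2022:10:00:09 +0000] "GET /uploads/report.php HTTP/1.1" 200 57
203.0.113.9 - - [10/Mar/2022:10:01:00 +0000] "POST /admin/file-manager/attachments HTTP/1.1" 302 0
203.0.113.9 - - [10/Mar/2022:10:01:30 +0000] "GET /uploads/logo.png HTTP/1.1" 200 4096
192.0.2.4 - - [10/Mar/2022:10:02:00 +0000] "GET /uploads/old.php HTTP/1.1" 404 0
"""

def find_upload_then_php(log_text, upload_prefix="/uploads/",
                         window=timedelta(minutes=10)):
    """Return (client, path, status) for each GET of a .php file under
    upload_prefix made by a client that POSTed to the file manager
    endpoint within `window` beforehand.

    upload_prefix is an assumption: set it to the real attachments path.
    """
    last_upload = {}   # client address -> time of its latest upload POST
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # skip lines that are not in the expected format
        client, ts, method, target, status = m.groups()
        when = datetime.strptime(ts, TS_FORMAT)
        # Drop the query string; lowercase because the tested stack
        # (Windows/WampServer) resolves file names case-insensitively.
        path = target.split("?", 1)[0].lower()
        if method == "POST" and ENDPOINT in path:
            last_upload[client] = when
        elif (method == "GET" and path.startswith(upload_prefix)
              and path.endswith(".php")):
            uploaded = last_upload.get(client)
            if uploaded is not None and when - uploaded <= window:
                alerts.append((client, path, int(status)))
    return alerts

if __name__ == "__main__":
    for client, path, status in find_upload_then_php(SAMPLE_LOG):
        print(f"ALERT {client} requested {path} after upload (HTTP {status})")
```

Access logs do not record request bodies, so the body-content and MIME-boundary items above need a WAF or packet-level sensor instead.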
CVSS provenance
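| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |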
GHSA
Unrestricted Upload of File with Dangerous Type in Croogo
ghsa, 2022-03-11
CVE-2021-44673 [HIGH] CWE-434 Unrestricted Upload of File with Dangerous Type in Croogo
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script.
OSV
Unrestricted Upload of File with Dangerous Type in Croogo
osv, 2022-03-11
CVE-2021-44673 [HIGH] Unrestricted Upload of File with Dangerous Type in Croogo
Published: 2022-03-10