4Mosan Gcb Doctor vulnerabilities
2 known vulnerabilities affecting 4mosan/gcb_doctor.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2021-42338P2CRITICALCVSS 9.8≤ 20210708≥ unspecified, ≤ 20210708(v2.0)2021-11-19
CVE-2021-42338 [CRITICAL] CWE-285 CVE-2021-42338: 4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated re
4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files.
nvd
CVE-2021-44159P2CRITICALCVSS 9.8fixed in 2021-09-16≥ unspecified, ≤ 20210811(2.0)2021-12-20
CVE-2021-44159 [CRITICAL] CWE-434 CVE-2021-44159: 4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can
4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny of service attack.
nvd