Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2021-26551

Published: 09/02/2021 Updated: 18/02/2021
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 534
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Subscribe to Smartfoxserver

Vulnerability Summary

An issue exists in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

smartfoxserver smartfoxserver 2.17.0

Exploits

Exploit DB: SmartFoxServer 2X 2.17.0 Remote Code Execution
SmartFoxServer 2X version 2170 suffers from a God Mode Console remote code execution vulnerability ...

References

CWE-94http://packetstormsecurity.com/files/161340/SmartFoxServer-2X-2.17.0-Remote-Code-Execution.htmlhttps://www.smartfoxserver.comhttps://www.zeroscience.mk/en/vulnerabilities/https://nvd.nist.govhttps://packetstormsecurity.com/files/161340/SmartFoxServer-2X-2.17.0-Remote-Code-Execution.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook