
CVE-2021-3378

Published: 01/02/2021 Updated: 31/03/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.

Vulnerable Product

fortilogger fortilogger

Exploits

This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request to FortiLogger. It has been tested on version 4.4.2.2 in Windows 10 Enterprise ...
This Metasploit module exploits an unauthenticated arbitrary file upload in FortiLogger via an insecure POST request. It has been tested on versions prior to 5.2.0 in Windows 10 Enterprise ...

Github Repositories

CVE-2021-3378 | FortiLogger - Unauthenticated Arbitrary File Upload (Metasploit)

Date: 30-01-2021
Exploit Author: Berkan Er b3rsec@protonmail.com
Vendor Homepage: www.fortilogger.com/
Software Link: www.fortilogger.com/download
Version: 4.4.2.2
Tested on: Windows 10 Enterprise x64
CVE: 2021-3378
Disclosure Date: 26-02-2021

This module exploits an unauthenticat