Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2021-42342

Published: 14/10/2021 Updated: 20/10/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Embedthis

Vulnerability Summary

An issue exists in GoAhead 4.x and 5.x prior to 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

embedthis goahead

Github Repositories

goahead-webserver-pre-5.1.5-RCE-PoC-CVE-2021-42342-

Goahead webserver (pre v515) RCE PoC (CVE-2021-42342) A recent bug in Goahead Webserver was discovered by William Bowling which leads to RCE on the exploited server The issue exists prior to version 515 which, according to Shodan covers around 28mio servers on the internet A CVS is available now [nvdnistgov/vuln/detail/CVE-2021-42342] The RCE is caused by the t

CVE-2021-42342

CVE-2021-42342 CVE-2021-42342 RCE POC1:just prints #include <stdioh> #include <sys/typesh> #include <stdlibh> #include <unistdh> static void before_main(void) __attribute__((constructor)); static void before_main(void) { write(1, "Hello World!\n", 14); } POC2: rever

vulns-2022

搜集2022年的漏洞 命令执行 TerraMaster TOS session 伪造、任意⽂件读取、远程命令执⾏等多个漏洞 H2 数据库控制台未授权 RCE (CVE-2021-42392) Atlassian Jira Server and Data Center 授权RCE漏洞 (CVE-2021-43947) 代码执行 GoAhead 远程代码执⾏漏洞 (CVE-2021-42342) SQL注入 wordpress SQL注入漏洞 (CVE-2022–21661)

Vulhub-Reproduce 【免责声明】本仓库所涉及的技术、思路和工具仅供安全技术研究,任何人不得将其用于非授权渗透测试,不得将其用于非法用途和盈利,否则后果自行承担。 Vulhub漏洞复现,不定时更新。感谢@Vulhub提供开源漏洞靶场。 0x01 项目导航 Adobe ColdFusion 反序列化漏洞 CVE-2017-3066 Ado

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

References

CWE-434https://github.com/embedthis/goahead/issues/305https://github.com/kimusan/goahead-webserver-pre-5.1.5-RCE-PoC-CVE-2021-42342-https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-25675CVE-2023-21072physicalCVE-2023-28446encryptionCVE-2023-21076server-side request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook