Published: 11/11/2021 Updated: 12/07/2022

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

LiquidFiles prior to 3.6.3 allows remote malicious users to elevate their privileges from Admin (or User Admin) to Sysadmin.

Vulnerable Product	Search on Vulmon	Subscribe to Product
liquidfiles liquidfiles

LiquidFiles version 3513 suffers from a privilege escalation vulnerability The LiquidFiles API allows a User Admin to access keys for System Administrators ...

Dear Full Disclosure Team, This is to ask you to kindly update our responsible disclosure Following the updated advisory =============================================================================== title: LiquidFiles Privilege Escalation product: LiquidFiles v3513 vulnerability type: Privilege Escalat ...

Dear Full Disclosure Team, This is to submit a full disclosure for the following vulnerability discovered for product LiquidFiles 3513 =============================================================================== title: LiquidFiles Privilege Escalation product: LiquidFiles v3513 vulnerability type: Pr ...

CWE-522 https://man.liquidfiles.com/release_notes/version_3-6-x.html https://forum.liquidfiles.com/forums/news.6/http://packetstormsecurity.com/files/164997/LiquidFiles-3.5.13-Privilege-Escalation.html http://seclists.org/fulldisclosure/2021/Nov/40 http://seclists.org/fulldisclosure/2021/Nov/52 https://nvd.nist.gov https://packetstormsecurity.com/files/164997/LiquidFiles-3.5.13-Privilege-Escalation.html

CVE-2021-43397

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect