CVE-2021-41566

Summary

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.

Affected Software

VendorProductVersion RangeStatus
TadTadTools0 <= 3.2.1affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

References