CVE-2021-44164
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Chain Sea Information Integration Co., Ltd | ai chatbot system | 0 | unknown |
Weaknesses
- CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.