go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Tad TadTools - Arbitrary File Upload

TVN ID TVN-202109031
CVE ID CVE-2021-41566
CVSS 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products Tad TadTools <= v3.2.1
Description The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.
Solution Update TadTools to 3.2.2
Credit Hsuan
Public Date 2021-10-08
Top