go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Tad TadTools - Improper Authorization

TVN ID TVN-202109037
CVE ID CVE-2021-41975
CVSS 7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products Tad TadTools <= v3.2.1
Description TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in.
Solution Update TadTools version to 3.2.2
Credit Hsuan
Public Date 2021-10-08

Links

  1. CVE-2021-41975
Top