CVE-2021-26704

EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI.

Summary:

EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI.

Reference Links(if available):

  • https://github.com/grymer/CVE/blob/master/eprints_security_review.pdf
  • https://files.eprints.org/2549/
  • https://files.eprints.org/2548/
  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)