CVE-2021-27963

March 11, 2021

SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.

Summary:

SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.

Reference Links(if available):

  • https://github.com/erberkan/SonLogger-vulns
  • https://www.sonlogger.com/releasenotes

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    359d364d607d2a420604f5ed0d65e1eceac077deb54d8fe37e6f5c66e52542af

    Espionage – A Linux Packet Sniffing Suite For Automated MiTM Attacks

    April 25, 2024
    CISA Logo

    CISA: CISA Releases Eight Industrial Control Systems Advisories

    April 25, 2024
    alerts

    Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products.

    April 25, 2024
    image

    CACTUS Ransomware Victim: https://www[.]ghimli[.]com /

    April 25, 2024
    hkcert

    Cisco Products Multiple Vulnerabilities

    April 25, 2024