CVE-2021-28428

high-risk
Published 2022-04-05

File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE.

Do I need to act?

-
0.43% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (11)

Horizontcms
Horizontcms
Horizontcms
Horizontcms
Horizontcms
Horizontcms
Horizontcms
Horizontcms
Horizontcms
Horizontcms
Horizontcms

Affected Vendors

Horizontcms Project

References (4)

Product https://github.com/ttimot24/HorizontCMS
Patch https://github.com/ttimot24/HorizontCMS/commit/9c4d6827cbe96decec6834d53660e14ab...
Product https://github.com/ttimot24/HorizontCMS
Patch https://github.com/ttimot24/HorizontCMS/commit/9c4d6827cbe96decec6834d53660e14ab...
50
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 16/34 · Moderate