CVE-2021-41646

moderate-risk
Published 2021-10-29

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters..

Do I need to act?

~
3.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Online Reviewer System
Online Reviewer System

Affected Vendors

Janobe Online Reviewer System Project

References (4)

Exploit https://www.exploit-db.com/exploits/50319
Exploit https://www.nu11secur1ty.com/2021/12/cve-2021-41646.html
Exploit https://www.exploit-db.com/exploits/50319
Exploit https://www.nu11secur1ty.com/2021/12/cve-2021-41646.html
46
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 7/34 · Low