FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/161601/FortiLogger-4.4.2.2-Arbitrary-File-Upload.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/161974/FortiLogger-Arbitrary-File-Upload.html | Exploit Third Party Advisory VDB Entry |
https://github.com/erberkan/fortilogger_arbitrary_fileupload | Exploit Third Party Advisory |
Configurations
History
31 Mar 2021, 12:56
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/161974/FortiLogger-Arbitrary-File-Upload.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/161601/FortiLogger-4.4.2.2-Arbitrary-File-Upload.html - Exploit, Third Party Advisory, VDB Entry |
25 Mar 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Mar 2021, 18:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:fortilogger:fortilogger:*:*:*:*:*:*:*:* | |
References |
|
04 Feb 2021, 19:00
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/erberkan/fortilogger_arbitrary_fileupload - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:fortilogger:fortilogger:4.4.2.2:*:*:*:*:*:*:* | |
CWE | CWE-434 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
01 Feb 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-01 23:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-3378
Mitre link : CVE-2021-3378
CVE.ORG link : CVE-2021-3378
JSON object : View
Products Affected
fortilogger
- fortilogger
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type