Unrated severityNVD Advisory· Published Mar 11, 2021· Updated Aug 3, 2024

CVE-2021-28132

Description

LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz file. The .php file becomes accessible with a public/system/static URI.

Affected products

LUCY/Security Awareness Softwaredescription
LUCY Security/Security Awareness Softwarellm-create
Range: <=4.7.x

Patches

Vulnerability mechanics

References

abuyv.com/cve/lucy-file-upload-RCEmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000