Unrated severity · NVD Advisory · Published Jun 21, 2021 · Updated Aug 3, 2024
CVE-2021-31769
Description
MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component.
Affected products
- MyQ Server/MyQ X Smart (source: description)
- Range: <8.2
References
- gist.github.com/bc0d3/6d55866a78f66569383241406e18794f (mitre, x_refsource_MISC)