Unrated severityNVD Advisory· Published Aug 12, 2021· Updated Aug 3, 2024
CVE-2021-33199
CVE-2021-33199
Description
In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Expression Engine/Expression Enginedescription
- Range: <6.0.3
Patches
Vulnerability mechanics
References
2- github.com/ExpressionEngine/ExpressionEngine/compare/6.0.1...6.0.3mitrex_refsource_MISC
- github.com/ExpressionEngine/ExpressionEngine/releases/tag/6.0.3mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.