High severity7.2NVD Advisory· Published Jun 30, 2022· Updated Jun 17, 2026
CVE-2021-37770
CVE-2021-37770
Description
Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: =3.71
Patches
Vulnerability mechanics
References
2- github.com/NucleusCMS/NucleusCMS/issues/96nvdExploitIssue TrackingThird Party Advisory
- shimo.im/docs/Ch9CphJt8XwTvQ3dnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.