Unrated severityNVD Advisory· Published Aug 12, 2021· Updated Aug 4, 2024
CVE-2021-38366
CVE-2021-38366
Description
Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Sitecore/Sitecoredescription
Patches
Vulnerability mechanics
References
1- blog.istern.dk/2021/08/10/sitecore-10-authenticated-file-upload-to-rce/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.