VYPR

GCB Doctor

by 4MOSAn

CVEs (2)

  • CVE-2021-44159CriDec 20, 2021
    risk 0.64cvss 9.8epss 0.03

    4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny of service attack.

  • CVE-2021-42338CriNov 19, 2021
    risk 0.64cvss 9.8epss 0.06

    4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files.