VYPR

Security Awareness Software

by LUCY

CVEs (1)

  • CVE-2021-28132CriMar 11, 2021
    risk 0.64cvss 9.8epss 0.03

    LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz file. The .php file becomes accessible with a public/system/static URI.