CVE-2021-41975
Description
TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in.
CvssV3 impact
Version | 3.1 |
VectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
AttackVector | NETWORK |
AttackComplexity | LOW |
PrivilegesRequired | NONE |
UserInteraction | NONE |
Scope | UNCHANGED |
ConfidentialityImpact | NONE |
IntegrityImpact | HIGH |
AvailabilityImpact | HIGH |
BaseScore | 9.1 |
BaseSeverity | CRITICAL |
CvssV2 impact
AccessComplexity | LOW |
ConfidentialityImpact | NONE |
AvailabilityImpact | PARTIAL |
IntegrityImpact | PARTIAL |
BaseScore | 6.4 |
VectorString | AV:N/AC:L/Au:N/C:N/I:P/A:P |
Version | 2.0 |
AccessVector | NETWORK |
Authentication | NONE |