CVE-2021-36582

Published: Sep 14, 2021Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL.

Affected (1)

Products: Kooboo: Kooboo Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kooboo Kooboo Cms	Version 2.1.1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

http://kooboo.com

Source: cve@mitre.org

Vendor Advisory

https://github.com/l00neyhacker/CVE-2021-36582

Source: cve@mitre.org

Third Party Advisory

http://kooboo.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/l00neyhacker/CVE-2021-36582

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.