CVE-2021-38697

Published: Jan 18, 2022Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows attackers to upload files with any file extension which can lead to arbitrary code execution.

Affected (1)

Products: Softvibe: Saraban

Softvibe

1 product

Saraban

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Softvibe Saraban	Version 1.1

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (8)

http://www.infoma.net/index.php/saraban/

Source: cve@mitre.org

Product

https://orangeo.tech/post/2021/12/24/First-CVEs.html

Source: cve@mitre.org

ExploitThird Party AdvisoryURL Repurposed

https://play.google.com/store/apps/details?id=th.co.softvibe.saraban&hl=en&gl=US

Source: cve@mitre.org

Product

https://sawatdee.github.io/post/2021/12/24/First-CVEs.html

Source: cve@mitre.org

ExploitThird Party Advisory

http://www.infoma.net/index.php/saraban/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://orangeo.tech/post/2021/12/24/First-CVEs.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryURL Repurposed

https://play.google.com/store/apps/details?id=th.co.softvibe.saraban&hl=en&gl=US

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://sawatdee.github.io/post/2021/12/24/First-CVEs.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.