CVE-2021-43970

Published: Mar 10, 2022Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (1043) via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated (low privileged) attacker to execute remote code on the target server within the context of application's permissions (SYSTEM).

Affected (1)

Products: Quicklert: Quicklert

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Quicklert Quicklert	Version 10.0.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://quicklert.com

Source: cve@mitre.org

Vendor Advisory

https://www.assurainc.com/assura-announces-discovery-of-two-vulnerabilities-in-quicklert-for-digium-switchvox/amp-on/

Source: cve@mitre.org

ExploitThird Party Advisory

https://quicklert.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.assurainc.com/assura-announces-discovery-of-two-vulnerabilities-in-quicklert-for-digium-switchvox/amp-on/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.