← Back

Security Awareness

security_awareness

Vendor: Lucysecurity • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-28132
1Lucysecurity
1Security Awareness
Nov 21, 2024
Mar 11, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz file. The .php file becom...Show more
LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz file. The .php file becomes accessible with a public/system/static URI.Show less