← Back

Sitecore

sitecore

Vendor: Sitecore • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-38366
1Sitecore
1Sitecore
Nov 21, 2024
Aug 12, 2021
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.