Sfcyazilim

sfcyazilim

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Sonlogger

sonlogger

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-27964 1Sfcyazilim 1Sonlogger Jun 17, 2026 Mar 5, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for...Show more SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.Show less
CVE-2021-27963 1Sfcyazilim 1Sonlogger Jun 17, 2026 Mar 5, 2021 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-27964

1Sfcyazilim

1Sonlogger

Jun 17, 2026

Mar 5, 2021

N/A· v4

9.8 CRITICAL· v3

7.5 HIGH· v2

SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for...Show more

CVE-2021-27963

1Sfcyazilim

1Sonlogger

Jun 17, 2026

Mar 5, 2021

N/A· v4

8.2 HIGH· v3

6.4 MEDIUM· v2

SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.