Arbitrary Command Execution in PUT Requests via Specially-Crafted HTTP Requests

Arbitrary Command Execution in PUT Requests via Specially-Crafted HTTP Requests

CVE-2021-21876 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.

Learn more about our Web Application Penetration Testing UK.