Arbitrary Command Execution via Specially-Crafted HTTP GET Requests

CVE-2021-21877 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.

Learn more about our Web Application Penetration Testing UK.