Arbitrary Remote Code Execution Vulnerability in Yupoxion BearAdmin

CVE-2021-35261 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint.

Learn more about our Web Application Penetration Testing UK.