Remote Code Execution in Simple Water Refilling Station Management System 1.0 via System Logo Option

Remote Code Execution in Simple Water Refilling Station Management System 1.0 via System Logo Option

CVE-2021-38841 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the System Logo option on the system_info page in classes/SystemSettings.php with an update_settings action.

Learn more about our Web Application Penetration Testing UK.