Cobbler Log Poisoning and Remote Code Execution Vulnerability

CVE-2021-40323 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
