Unrestricted File Upload Vulnerability in TadTools File Upload Function

Unrestricted File Upload Vulnerability in TadTools File Upload Function

CVE-2021-41566 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.

Learn more about our Web Application Penetration Testing UK.