Improper User Privilege Control in 4MOSAn GCB Doctor's File Upload Function

Improper User Privilege Control in 4MOSAn GCB Doctor's File Upload Function

CVE-2021-44159 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny of service attack.

Learn more about our Web App Pen Testing.