Remote Code Execution Vulnerability in Subrion CMS by Intelliants
CVE-2021-43464

8.8HIGH

Key Information:

Vendor: Intelliants
Status: Subrion Cms
Vendor: CVE Published:; 4 April 2022

🔔 Create Intelliants Vulnerability Alert

What is CVE-2021-43464?

A Remote Code Execution vulnerability exists in Subrion CMS version 4.2.1 that allows an attacker to execute arbitrary code. The flaw is triggered when a background field is modified; this modification causes the data within it to be executed via the eval() function, allowing for potential exploitation. Users are advised to review the code and apply necessary patches to mitigate risks associated with this vulnerability.

References

https://github.com/intelliants/subrion/issues/888

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2022
Vulnerability Reserved
Nov 8, 2021