CVE-2021-21978

Description

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization lead to arbitrary file upload in the logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file, leading to remote code execution within the logupload container.

NVD
Severity: CRITICAL
CVE ID: CVE-2021-21978
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-21978
GreyOrder

CVE-2021-21978 exp

Reference: GitHub

me1ons

CVE-2021-21978 EXP

Reference: GitHub

skytina

Exploit script, version with echoed output

Reference: GitHub