CVE-2021-21978
Description
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
NVD
Severity: CRITICAL
CVE ID: CVE-2021-21978
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-21978
Refrence: Project Discovery GitHub
GreyOrder
CVE-2021-21978 exp
Refrence: GitHub
me1ons
CVE-2021-21978 EXP
Refrence: GitHub
skytina
带回显版本的漏洞利用脚本
Refrence: GitHub