CVE-2021-36356
Description
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.
NVD
Severity: CRITICAL
CVE ID: CVE-2021-36356
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-36356
Reference: Project Discovery GitHub
Content on GitHub
Chocapikk | watchers:1
CVE-2021-35064
Python script to exploit CVE-2021-35064 and CVE-2021-36356
Reference: GitHub