CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-25 08:34:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
b0e96c877abb080d7cf221c036336480ff266ccf
CVEs-PoC/2021/CVE-2021-21907.md
T
0xMarcio 48a00929ac Removed duplicates
2024-06-18 02:51:15 +02:00

20 lines
984 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
### [CVE-2021-21907](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21907)
![](https://img.shields.io/static/v1?label=Product&message=Garrett%20Metal%20Detectors&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
### Description
A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability.
### POC
#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1358
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/wr0x00/Lizard
- https://github.com/wr0x00/Lsploit
Reference in New Issue View Git Blame Copy Permalink