Skip to main content

Tadtools

3 CVEs product

Monthly

CVE-2021-41975 CRITICAL Act Now

TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tadtools
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2021-41566 CRITICAL Act Now

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Tadtools
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-41565 MEDIUM This Month

TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tadtools
NVD
CVSS 3.1
6.1
EPSS
0.7%
EPSS 1% CVSS 9.1
CRITICAL Act Now

TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tadtools
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Tadtools
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tadtools
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy