CVE-2021-37363
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-37363
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Gestionale Open Srl Gestionale Open 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Gestionale Open Srl Gestionale Open(Go)是意大利Gestionale Open Srl 公司的一个开源的中小企业的免费 Erp 管理软件。 Gestionale Open存在安全漏洞,该漏洞源于低权限帐户能够重命名位于bin文件夹中的mysqld.exe文件,并将其替换为恶意文件,该恶意文件将连接回攻击计算机,并由于服务运行为本地系统而给予系统级特权(nt权限系统)。当低特权用户无法通过应用程序重新启动服务时,计算机的重新启动会触发恶意文件的执行。应用程序还存在未引用
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2021-37363
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-37363
请登录查看更多情报信息。
- https://www.exploit-db.com/exploits/50449x_refsource_MISC
- https://www.gestionaleopen.org/x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-37363
Same Patch Batch · n/a · 2021-10-26 · 14 CVEs total
| CVE-2021-41866 | MyBB 跨站脚本漏洞 | |
| CVE-2020-22864 | Froala WYSIWYG Editor 跨站脚本漏洞 | |
| CVE-2021-37364 | OpenClinic GA 安全漏洞 | |
| CVE-2021-37372 | Online Student Admission System 代码问题漏洞 | |
| CVE-2021-37371 | Online Student Admission System SQL注入漏洞 | |
| CVE-2011-4119 | Caml-light 安全漏洞 | |
| CVE-2011-2195 | websvn 操作系统命令注入漏洞 | |
| CVE-2021-41078 | Nameko 代码问题漏洞 | |
| CVE-2021-41873 | Penguin Aurora TV Box 41502 安全漏洞 | |
| CVE-2021-40344 | Nagios XI 代码问题漏洞 | |
| CVE-2021-40343 | Nagios XI 安全漏洞 | |
| CVE-2021-42343 | Python Dask 安全漏洞 | |
| CVE-2021-40345 | Nagios XI 命令注入漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2021-37363
No comments yet