CVE-2021-41566— Tad TadTools - Arbitrary File Upload
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-41566
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tad TadTools - Arbitrary File Upload
Source: NVD (National Vulnerability Database)
Vulnerability Description
The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
危险类型文件的不加限制上传
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tad TadTools 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tad TadTools是中国台湾Tad个人开发者的一个模组工具包。用于模组开发,可大幅减少每个模组的体积,并且加速开发时程。 Tad TadTools 中存在代码问题漏洞,该漏洞源于产品file upload函数未对文件扩展名进行过滤。攻击者可通过该漏洞上传任意类型文件并执行任意代码。以下产品及版本受到影响: Tad TadTools v3.2.1 版本及之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2021-41566
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-41566
请登录查看更多情报信息。
- https://www.twcert.org.tw/tw/cp-132-5170-83472-1.htmlx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-41566
Same Patch Batch · Tad · 2021-10-08 · 9 CVEs total
| CVE-2021-41974 | 9.1 CRITICAL | Tad Book3 - Improper Authorization |
| CVE-2021-41975 | 7.5 HIGH | Tad TadTools - Improper Authorization |
| CVE-2021-41563 | 6.1 MEDIUM | Tad Book3 - Stored XSS |
| CVE-2021-41565 | 6.1 MEDIUM | Tad TadTools - Reflected XSS |
| CVE-2021-41567 | 6.1 MEDIUM | Tad Uploader - Stored XSS |
| CVE-2021-41564 | 5.3 MEDIUM | Tad Honor - Improper Authorization |
| CVE-2021-41568 | 5.3 MEDIUM | Tad Web - Improper Authorization |
| CVE-2021-41976 | 5.3 MEDIUM | Tad Uploader - Improper Authorization |
IV. Related Vulnerabilities
Same weakness: CWE-434
- CVE-2021-47943
TextPattern CMS 4.8.7 Remote Code Execution via File Upload - CVE-2021-47937
e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme - CVE-2026-41517
Emlog: Remote Code Execution via Malicious Plugin Upload - CVE-2026-6692
Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber - CVE-2026-41587
CI4MS: Unrestricted PHP File Upload via Theme Installation L
V. Comments for CVE-2021-41566
No comments yet