CVE-2021-30461
72Vexday Risk Score
Patch now. It exploitation observed by VulnCheck and has a working public exploit.
ssvc Actepss 37%
from disclosure to weapon0 days
Published on NVDMay 29
1st PoCMay 6
VulnCheck+1196d
exploitation probability
37%top 2% of all CVEs
observed exploitation
yesVulnCheck
4 public exploit(s)
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.
Affected products
n/a · n/apublic PoCs found — 4
vulncheckvulncheck.com/xdb/ef8a8fe7e142unverifiedvulncheckvulncheck.com/xdb/54690a04a3bdunverifiedvulncheckvulncheck.com/xdb/6d44f4348f4dunverifiedvulncheckvulncheck.com/xdb/9457822ce294unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.