Exploit for Lucee Admin - Remote Code Execution (CVE-2021-21307)

Description:

Lucee Admin in versions before 5.3.7.47, 5.3.6.68, or 5.3.5.96 contains an unauthenticated remote code execution vulnerability.

Nuclei Template

View the template here: CVE-2021-21307.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-21307.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-21307
https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md
https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020/7643
https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r
http://ciacfug.org/blog/updating-lucee-as-part-of-a-vulnerability-alert-response