
Exploit for SCIMono <0.0.19 - Remote Code Execution (CVE-2021-21479)

Description:

SCIMono before 0.0.19 is vulnerable to remote code execution: an attacker can inject and execute Java expressions, compromising the availability and integrity of the system.

Nuclei Template

View the template here: CVE-2021-21479.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-21479.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/SAP/scimono/security/advisories/GHSA-29q4-gxjq-rx5c
https://nvd.nist.gov/vuln/detail/CVE-2021-21479
https://securitylab.github.com/advisories/GHSL-2020-227-scimono-ssti/