What is CVE-2021-30461?

CVE-2021-30461 is a vulnerability in N/a. Published 2021-05-29.

Is CVE-2021-30461 known to be exploited?

38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-30461

A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.

EPSS: 0.933 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Al1ex/CVE-2021-30461
Vulnmachines/CVE-2021-30461
daedalus/CVE-2021-30461
puckiestyle/CVE-2021-30461
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
ArrestX/--POC
Drajoncr/AttackWebFrameworkTools
EdgeSecurityTeam/Vulnerability
Elsfa7-110/kenzer-templates

References

ssd-disclosure.com/ssd-advisory--voipmonitor-unauth-rce (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-30461?: CVE-2021-30461 is a vulnerability in N/a. Published 2021-05-29.
Is CVE-2021-30461 known to be exploited?: 38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.