CVE-2021-43099 is a vulnerability in Diyhi Bbs
Published on March 28, 2022
An Archive Extraction (AKA "Zip Slip) vulnerability exists in bbs 5.3 in the UpgradeNow function in UpgradeManageAction.java, which unzips the arbitrary upladed zip file without checking filenames. The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe).
Products Associated with CVE-2021-43099
Want to know whenever a new CVE is published for Diyhi Bbs? stack.watch will email you.
Exploit Probability
EPSS
0.61%
Percentile
70.08%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.