CVE-2021-41976
5.3 MEDIUMTad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folde...
Published: 2021-10-08 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- CWE
- CWE-285, CWE-306
Affected products
| Vendor | Product |
|---|---|
| tad_uploader_project | tad_uploader |
Description
Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2021-41567 — The new add subject parameter of Tad Uploader view book list function fails to filter special characters (6.1 MEDIUM)
Same CWE
- CVE-2026-0647 — An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server
- CVE-2018-25437 — WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download... (7.5 HIGH)
- CVE-2026-12213 — A vulnerability was found in hcengineering Huly Platform up to 0.7.0 (4.3 MEDIUM)
- CVE-2026-12204 — A vulnerability was determined in ShopXO up to 6.7.1 (7.3 HIGH)
- CVE-2026-12190 — A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android (5.3 MEDIUM)