htmly is a valid web server. When a remote attacker sends a request with a modified file parameter, the htmly program will delete that file and execute the malicious request. This can be exploited by remote attackers to perform arbitrary file deletions. htmly versions 1.0.0 to 1.0.9 are vulnerable. htmly versions 2.8.1 to 3.0.0 are NOT vulnerable. You can find more details about the htmly remote code execution vulnerability here.

- CVE-2016-6811: htmly before 2.8.1 has a vulnerability that can be exploited by remote attackers to perform arbitrary file deletions.

htmly Vulnerability – Attack scenario and explanation

A remote attacker sends a request to htmly with a modified file parameter. When the web server processes this request, it deletes the given file and executes the malicious request. It is possible for attackers to exploit this vulnerability by sending a malformed request that causes the deletion of other files on the system. This can be exploited by remote attackers to perform arbitrary file deletions.

htmldirseld


A directory traversal vulnerability in htmly may allow attackers to overwrite any file on the system with a different file. This can be exploited by remote attackers using malicious files or links to read data from, or write data to, arbitrary files and directories on the system. htmldirseld versions 1.0.0 to 1.0.1 are vulnerable. htmldirseld versions 2.6.1 to 2.7.2 are NOT vulnerable. You can find more details about the htmldirseld vulnerability here.

Timeline

Published on: 09/30/2022 18:15:00 UTC
Last modified on: 10/04/2022 17:00:00 UTC

References