- Date: 30-01-2021
- Exploit Author: Berkan Er b3rsec@protonmail.com
- Vendor Homepage: https://www.fortilogger.com/
- Software Link: https://www.fortilogger.com/download
- Version: 4.4.2.2
- Tested on: Windows 10 Enterprise x64
- CVE: 2021-3378
- Disclosure Date: 26-02-2021
This module exploits an unauthenticated arbitrary file upload via insecure POST request. It has been tested on version 4.4.2.2 in Windows 10 Enterprise.
More Details: https://erberkan.github.io/2021/cve-2021-3378/