Vulnerabilities > CVE-2021-39392 - Deserialization of Untrusted Data vulnerability in Mylittletools Mylittlebackup

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mylittletools
CWE-502

Summary

The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.

Vulnerable Configurations

Part Description Count
Application
Mylittletools
1

Common Weakness Enumeration (CWE)