CVE-2021-42228

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in KindEditor 4.1.x lets an attacker trick a logged-in user into performing a file upload the user never intended: the victim's browser visits an attacker-controlled page that submits a forged upload request, and the editor's upload handler accepts it because nothing binds the request to a user action. It affects web applications that embed the vulnerable KindEditor component with file upload enabled, and it is exploitable only while the victim holds a valid session on the affected site.

💻 Affected Systems

Products:
  • KindEditor
Versions: 4.1.x
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The public report is against the shipped examples/uploadbutton.html page, but the root cause is that the upload request the editor issues carries no anti-CSRF token, so any deployment that wires the editor to an upload handler is exposed, not only the example page.

📦 What is this software?

KindEditor is an open-source, browser-based rich-text (WYSIWYG) editor written in JavaScript. Web applications embed it in content-management and comment forms; the distribution ships sample server-side upload handlers (PHP, JSP, ASP, ASP.NET) and an examples/ directory of demo pages, which is where the affected uploadbutton.html lives.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could upload malicious files (webshells, malware) to the server, potentially leading to complete system compromise and data exfiltration.

🟠 Likely Case

Unauthorized file uploads leading to defacement, malware distribution, or limited server access depending on file permissions and on whether uploaded files are served as executable content.

🟢 If Mitigated

With proper CSRF protections (a per-session token validated by the upload handler, plus an Origin/Referer check), a forged request is rejected even if the vulnerable component remains present.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks require user interaction (the victim visits a malicious page while authenticated), but the technique is well documented and a working lure is a few lines of HTML.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.13 and later

Vendor Advisory: https://github.com/kindsoft/kindeditor/issues/337

Restart Required: No

Instructions:

1. Update KindEditor to version 4.1.13 or later.
2. Remove the examples/ directory (including uploadbutton.html) from production deployments; the editor does not need the demo pages at runtime.
3. Verify that every upload endpoint the editor posts to requires and validates a CSRF token server-side.

🔧 Temporary Workarounds

Disable file upload functionality (applies to: all platforms)

Remove or disable the vulnerable uploadbutton.html example and any file upload features in the KindEditor configuration. Remove examples/uploadbutton.html from your KindEditor installation.

Implement CSRF protection (applies to: all platforms)

Add a CSRF token to every file upload form the editor submits and validate it server-side; additionally reject upload POSTs whose Origin/Referer is not your own site.
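The following is an added example, not KindEditor's own code nor any of its shipped upload handlers. It puts the weak pattern (any authenticated POST with a file is accepted) beside a hardened version that layers the two standard CSRF defences: an Origin/Referer check against the site's own origin and a per-session synchronizer token compared in constant time. The request/session models, the trusted origin `https://app.example.com`, the file field name `imgFile` and the `{"error": ..., "url": ...}` response shape are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Minimal request and session models, constructed for this example.
# They stand in for whatever framework fronts the upload handler.
@dataclass
class Request:
    method: str
    headers: dict
    form: dict    # url-encoded / multipart text fields
    files: dict   # field name -> uploaded filename


@dataclass
class Session:
    # One random synchronizer token per session; the editor page must
    # include it in the upload request (e.g. as a hidden form field).
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


# Assumption: the origin hosting the editor. Only it may drive uploads.
TRUSTED_ORIGIN = "https://app.example.com"
# Assumption: the multipart field name the editor's upload request uses.
FILE_FIELD = "imgFile"


def handle_upload_vulnerable(req: Request) -> dict:
    """The weak pattern: a logged-in user's browser sends a POST with a file,
    and nothing ties that POST to something the user actually intended."""
    if req.method != "POST" or FILE_FIELD not in req.files:
        return {"error": 1, "message": "no file"}
    return {"error": 0, "url": "/attached/" + req.files[FILE_FIELD]}


def origin_is_trusted(req: Request) -> bool:
    """Check Origin first, then Referer. Browsers send at least one of them on
    a cross-site form POST, so a request carrying neither is treated as
    untrusted. A sandboxed attacker frame sends the literal "null", which
    also fails the comparison."""
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return False
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def handle_upload_hardened(req: Request, session: Session) -> dict:
    """Same endpoint with an origin check and a per-session token. The token
    comparison is constant-time; encoding to bytes keeps compare_digest happy
    even if the attacker supplies non-ASCII text."""
    if req.method != "POST":
        return {"error": 1, "message": "method not allowed"}
    if not origin_is_trusted(req):
        return {"error": 1, "message": "cross-site request rejected"}
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), session.csrf_token.encode()):
        return {"error": 1, "message": "missing or invalid CSRF token"}
    if FILE_FIELD not in req.files:
        return {"error": 1, "message": "no file"}
    return {"error": 0, "url": "/attached/" + req.files[FILE_FIELD]}


if __name__ == "__main__":
    session = Session()
    # A forged request from an attacker's page: foreign Origin, no token.
    forged = Request("POST", {"Origin": "https://evil.example"}, {}, {FILE_FIELD: "shell.php"})
    print(handle_upload_vulnerable(forged))         # accepted
    print(handle_upload_hardened(forged, session))  # rejected
```

The origin check alone would be defeated by a request that omits both headers if you chose to allow that case, and the token alone would be defeated by a bug that leaks the token into a cross-origin readable response; keeping both is cheap and closes each other's gap. The token must be emitted into the editor's upload form by the page that renders it, since a cross-site page cannot read it.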

🧯 If You Can't Patch

  • Implement strict file type validation and size limits on uploads
  • Store uploaded files outside the web root with restricted permissions, and never serve them as executable content
  • Reject POSTs to the upload handler whose Origin/Referer is not your own site (this can be done at the reverse proxy without touching the application)
  • Set SameSite=Lax or Strict on the session cookie so a cross-site POST does not carry the victim's session

🔍 How to Verify

Check if Vulnerable:

KindEditor is 4.1.x below the fix version, and/or examples/uploadbutton.html is still reachable, and the upload handler accepts a POST that carries no CSRF token. The decisive test is the last one: capture a legitimate upload request, strip any token field, and replay it; if the upload still succeeds, you are vulnerable regardless of version.

Check Version:

The version string sits near the top of kindeditor.js / kindeditor-all.js (the release banner); a package.json is present only in some distributions.

Verify Fix Applied:

Confirm the version is 4.1.13 or later, then re-run the token-stripped replay above: it must be rejected. A request with a valid token but a foreign Origin/Referer should be rejected as well.
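An added audit script, not from the page or the KindEditor project, that walks a deployment tree, finds KindEditor installs, reads the version out of the editor's JavaScript, and reports whether the shipped example page is still present. The assumed version format is a `_VERSION = '4.1.x ...'` string in kindeditor.js / kindeditor-all.js; adjust `VERSION_RE` if your copy differs. The fix threshold is the 4.1.13 stated above, and the fixture `demo()` builds is constructed, not a real checkout.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the 4.1 builds carry a string like
#   _VERSION = '4.1.11 (2017-01-23)'
# in kindeditor.js or kindeditor-all.js. Adjust if your copy differs.
VERSION_RE = re.compile(r"""_VERSION\s*=\s*['"](\d+)\.(\d+)\.(\d+)""")
FIXED = (4, 1, 13)  # fix version as stated in this advisory
JS_CANDIDATES = ("kindeditor.js", "kindeditor-all.js", "kindeditor-all-min.js")


def parse_version(js_text: str):
    """Return (major, minor, patch) or None when no version string is found."""
    m = VERSION_RE.search(js_text)
    return tuple(int(x) for x in m.groups()) if m else None


def is_vulnerable_version(v) -> bool:
    """Only the 4.1 line is in scope; anything below the fix version is vulnerable."""
    return v is not None and v[:2] == (4, 1) and v < FIXED


def audit_install(root: Path) -> dict:
    """Inspect one KindEditor directory: version, and whether examples/uploadbutton.html is present."""
    version = None
    for name in JS_CANDIDATES:
        p = root / name
        if p.is_file():
            version = parse_version(p.read_text(errors="replace"))
            if version:
                break
    example = root / "examples" / "uploadbutton.html"
    return {
        "path": str(root),
        "version": version,
        "vulnerable_version": is_vulnerable_version(version),
        "example_present": example.is_file(),
    }


def find_installs(search_root: Path):
    """Any directory holding a kindeditor*.js file is treated as an install."""
    seen = set()
    for js in search_root.rglob("kindeditor*.js"):
        if js.parent not in seen:
            seen.add(js.parent)
            yield audit_install(js.parent)


def demo() -> list:
    """Build a constructed fixture (not a real KindEditor checkout) and audit it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d) / "static" / "kindeditor"
        (root / "examples").mkdir(parents=True)
        (root / "kindeditor.js").write_text("var _VERSION = '4.1.11 (2017-01-23)';\n")
        (root / "examples" / "uploadbutton.html").write_text("<html></html>\n")
        return list(find_installs(Path(d)))


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Run `find_installs(Path("/var/www"))` (or wherever your applications live) for a real audit. A clean result from this script is necessary but not sufficient: an install that has been patched by hand but still posts to an upload handler without a token remains exploitable, which is why the token-stripped replay above is the decisive check.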

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file uploads to KindEditor endpoints, especially from accounts or IPs that do not normally author content
  • Upload POSTs whose Referer is missing or points to another site (access logs do not record form fields, so a missing token is not visible there)

Network Indicators:

  • POST requests to upload endpoints without a CSRF token in the body (visible only where request bodies are inspected, e.g. a WAF or reverse proxy)
  • Requests to upload endpoints whose Origin header is not your site; log the Origin header (Apache %{Origin}i, nginx $http_origin) to make this visible after the fact

SIEM Query:

Web-server access logs do not carry form fields, so a filter such as NOT csrf_token=* matches nothing. Hunt instead on the one thing a cross-site page cannot forge, a same-site Referer. Splunk-style, assuming access_combined field extractions (method, uri_path, referer_domain) and that the editor is served under /kindeditor/:

index=web sourcetype=access_combined method=POST uri_path="*/kindeditor/*upload*" NOT referer_domain="app.example.com"
| stats count by clientip, uri_path, referer

Treat an off-site referer as the strong signal; a missing referer is lower confidence because Referrer-Policy strips it legitimately.
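The same hunt run offline over log lines, as an added example that is not from the page. It parses Apache/Nginx combined-format lines, flags upload POSTs whose Referer is absent or off-site, and separately lists clients that fetched the shipped example page. The four log lines are constructed, the trusted host `app.example.com` and the upload path (modelled on the php/upload_json.php sample KindEditor ships) are assumptions; point `UPLOAD_PATH_RE` at wherever your deployment actually serves the handler.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2021:13:55:36 +0000] "POST /kindeditor/php/upload_json.php?dir=image HTTP/1.1" 200 123 "https://app.example.com/admin/post/new" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2021:13:57:01 +0000] "POST /kindeditor/php/upload_json.php?dir=file HTTP/1.1" 200 88 "https://evil.example/lure.html" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2021:13:58:44 +0000] "POST /kindeditor/php/upload_json.php?dir=file HTTP/1.1" 200 88 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2021:13:59:02 +0000] "GET /kindeditor/examples/uploadbutton.html HTTP/1.1" 200 4020 "https://app.example.com/admin" "Mozilla/5.0"
""".splitlines()

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# Assumption: the editor and its upload handler live under /kindeditor/.
UPLOAD_PATH_RE = re.compile(r"/kindeditor/.*upload", re.IGNORECASE)
EXAMPLE_PATH_RE = re.compile(r"/examples/uploadbutton\.html", re.IGNORECASE)


def parse_line(line: str):
    """Split one combined-format line into fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def referer_host(ref: str):
    """Host part of the Referer; Apache writes "-" when the header was absent."""
    if not ref or ref == "-":
        return None
    return urlsplit(ref).hostname


def suspicious_uploads(lines, trusted_host: str) -> list:
    """POSTs to the upload handler whose Referer is absent or points at another
    site. A cross-site page can forge the body but not a same-site Referer."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["method"] != "POST" or not UPLOAD_PATH_RE.search(rec["path"]):
            continue
        host = referer_host(rec["referer"])
        if host == trusted_host:
            continue
        reason = "no referer" if host is None else f"foreign referer: {host}"
        hits.append({"ip": rec["ip"], "time": rec["ts"], "path": rec["path"], "reason": reason})
    return hits


def example_file_hits(lines) -> list:
    """Clients that fetched the shipped example page, which should not be reachable in production."""
    return [rec["ip"] for rec in map(parse_line, lines)
            if rec and EXAMPLE_PATH_RE.search(rec["path"])]


if __name__ == "__main__":
    for hit in suspicious_uploads(SAMPLE_LOG, "app.example.com"):
        print(hit)
    print("example page fetched by:", example_file_hits(SAMPLE_LOG))
```

Feed real lines with `suspicious_uploads(open("access.log"), "your.host")`. Rank "foreign referer" hits first; "no referer" hits need corroboration (an unusual client IP, an upload outside the user's normal hours) before they are worth an incident ticket, since privacy settings and Referrer-Policy drop the header on legitimate traffic too.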

🔗 References

  • https://github.com/kindsoft/kindeditor/issues/337