Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user’s permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:28
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html - Third Party Advisory |
16 Nov 2021, 17:24
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 9.0
v3 : 8.8 |
CPE | cpe:2.3:a:vice:webopac:7.1.20160701:*:*:*:*:*:*:* cpe:2.3:a:vice:webopac:1.8.20160701:*:*:*:*:*:*:* |
15 Nov 2021, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-15 10:15
Updated : 2024-11-21 06:28
NVD link : CVE-2021-42839
Mitre link : CVE-2021-42839
CVE.ORG link : CVE-2021-42839
JSON object : View
Products Affected
vice
- webopac
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type