CVE-2021-42839

Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user’s permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vice:webopac:1.8.20160701:*:*:*:*:*:*:*
cpe:2.3:a:vice:webopac:7.1.20160701:*:*:*:*:*:*:*

History

21 Nov 2024, 06:28

Type Values Removed Values Added
References () https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html - Third Party Advisory () https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html - Third Party Advisory

16 Nov 2021, 17:24

Type Values Removed Values Added
References (MISC) https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html - (MISC) https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html - Third Party Advisory
CVSS v2 : unknown
v3 : 8.8
v2 : 9.0
v3 : 8.8
CPE cpe:2.3:a:vice:webopac:7.1.20160701:*:*:*:*:*:*:*
cpe:2.3:a:vice:webopac:1.8.20160701:*:*:*:*:*:*:*

15 Nov 2021, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-11-15 10:15

Updated : 2024-11-21 06:28


NVD link : CVE-2021-42839

Mitre link : CVE-2021-42839

CVE.ORG link : CVE-2021-42839


JSON object : View

Products Affected

vice

  • webopac
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type