CVE-2021-26626

Published: Apr 19, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code.

Affected (1)

Products: Tobesoft: Xplatform

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tobesoft Xplatform	Before 9.2.2.280

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66662

Source: vuln@krcert.or.kr

Third Party Advisory

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66662

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.