CVE-2021-26642

Published: Jan 20, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.

Affected (1)

Products: Xpressengine: Xpressengine

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xpressengine Xpressengine	Before 3.0.14

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=67125

Source: vuln@krcert.or.kr

Third Party Advisory

https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=67125

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.