CVE-2021-26610 HIGH

CVE-2021-26610: godomall5 remote code execution vulnerability

Vendor Nhn Commerce
Product godomall5 Std, godomall5 Pro
Weakness CWE-353
Published October 27, 2021
Last update August 3, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code.

Key dates

02Disclosure timeline

October 27, 2021 CVE published
August 3, 2024 Record updated