CVE-2021-26626 HIGH

CVE-2021-26626: tobesoft XPLATFORM Arbitrary file execution Vulnerability

Vendor Tobesoft Co.,Ltd

Product XPLATFORM

Weakness CWE-20 · Input validation

Published April 19, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

8.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code.

Key dates

02Disclosure timeline

April 19, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-26626

Related vulnerabilities

Identifiers

CVE CVE-2021-26626

CWE CWE-20

CVSS 8.1 / HIGH

Affected versions