CVE-2018-5203
CRITICALDEXTUploadX5 1.0.0.0-2.2.0.0 - Remote Code Execution via ActiveX Method Argument Manipulation
Title source: llmDescription
DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30122
Scores
CVSS v3
9.8
EPSS
0.0234
EPSS Percentile
81.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
dextsolution/dextuploadx5
1.0.0.0 - 2.2.0.0
Published
Dec 28, 2018
Tracked Since
Feb 18, 2026