CVE-2018-5203

CRITICAL

DEXTUploadX5 1.0.0.0-2.2.0.0 - Remote Code Execution via ActiveX Method Argument Manipulation

Title source: llm
STIX 2.1

Description

DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0234
EPSS Percentile 81.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
dextsolution/dextuploadx5 1.0.0.0 - 2.2.0.0
Published Dec 28, 2018
Tracked Since Feb 18, 2026