CVE-2020-7867
HIGHhelpuviewer - Unauthenticated Arbitrary File Creation and Execution via File Transfer Menu
Title source: llmDescription
An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of administrator.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36303
Scores
CVSS v3
8.0
EPSS
0.0078
EPSS Percentile
51.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
helpu/helpuviewer
2018.5.21.0
Published
Oct 27, 2021
Tracked Since
Feb 18, 2026