CVE-2020-7867

HIGH

helpuviewer - Unauthenticated Arbitrary File Creation and Execution via File Transfer Menu

Title source: llm
STIX 2.1

Description

An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of administrator.

References (1)

Core 1
Core References

Scores

CVSS v3 8.0
EPSS 0.0078
EPSS Percentile 51.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
helpu/helpuviewer 2018.5.21.0
Published Oct 27, 2021
Tracked Since Feb 18, 2026