CVE-2021-26612
HIGHNexacro < 17.1.2.500 - Arbitrary File Creation and Remote Code Execution via Copy Method
Title source: llmDescription
An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36380
Scores
CVSS v3
8.1
EPSS
0.0116
EPSS Percentile
63.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (1)
tobesoft/nexacro
< 17.1.2.500
Published
Nov 30, 2021
Tracked Since
Feb 18, 2026