CVE-2021-26626
HIGH
XPLATFORM < 9.2.2.280 - Remote Code Execution via execBrowser Method
An improper input validation vulnerability in XPLATFORM's execBrowser method can allow execution of arbitrary commands. If the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary code remotely.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66662
Scores
CVSS v3: 8.1
EPSS: 0.0117
EPSS Percentile: 63.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Details
CWE: CWE-20
Status: published
Products (1): tobesoft/xplatform < 9.2.2.280
Published: Apr 19, 2022
Tracked Since: Feb 18, 2026