CVE-2021-26630

HIGH

HANDY Groupware < 1.7.4.7 - Arbitrary File Download and Execution via ActiveX Module

Description

Improper input validation vulnerability in HANDY Groupware’s ActiveX module allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function.

Scores

CVSS v3 7.8
EPSS 0.0073
EPSS Percentile 49.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
handysoft/groupware < 1.7.4.7
Published May 19, 2022
Tracked Since Feb 18, 2026