CVE-2021-36122

HIGH

Echo ShareCare 8.15.5 - Command Injection

Title source: llm

Description

An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParse_Sup/UnzipFile_Upd.cfm is susceptible to a command argument injection vulnerability when processing remote input in the zippass parameter from an authenticated user, leading to the ability to inject arbitrary arguments to 7z.exe.

References (1)

[Third Party Advisory] https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0001.md

Scores

CVSS v3 8.8

EPSS 0.0094

EPSS Percentile 76.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-88

Status published

Products (1)

echobh/sharecare 8.15.5

Published Jul 13, 2021

Tracked Since Feb 18, 2026