Description
Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user’s permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html
Scores
CVSS v3
8.8
EPSS
0.0163
EPSS Percentile
82.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (2)
vice/webopac
1.8.20160701
vice/webopac
7.1.20160701
Published
Nov 15, 2021
Tracked Since
Feb 18, 2026