CVE-2021-42839
HIGHGrand Vice info Co. webopac7 - Unauthenticated Arbitrary File Upload and Remote Code Execution via File Upload Function
Title source: llmDescription
Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user’s permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html
Scores
CVSS v3
8.8
EPSS
0.0235
EPSS Percentile
81.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (2)
vice/webopac
1.8.20160701
vice/webopac
7.1.20160701
Published
Nov 15, 2021
Tracked Since
Feb 18, 2026