CVE-2021-26610 Vulnerability Details

  /     /     /  

CVE-2021-26610 Metadata Quick Info

CVE Published: 27/10/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: krcert | Vendor: NHN COMMERCE | Product: godomall5 Std, godomall5 Pro
Status : PUBLISHED

---

CVE-2021-26610 Description

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code.

Metrics

CVSS Version: 3.1 | Base Score: 7.2 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-353
CWE Name: CWE-353 Missing Support for Integrity Check
Source: NHN COMMERCE

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).