CVE-2021-42839

Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general users permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
twcertCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
vicewebopac
1.8.20160701
vicewebopac
7.1.20160701
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html
https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html