CVE-2021-26610

Summary

The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code.

Affected Software

VendorProductVersion RangeStatus
NHN COMMERCEgodomall5 Std, godomall5 Pro6 <= 6affected
NHN COMMERCEgodomall5 Std, godomall5 Pro9 <= 9affected

Weaknesses

  • CWE-353: CWE-353 Missing Support for Integrity Check

ADP Enrichment

CVE Program Container

Additional References

References