CVE-2021-26610
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file. This vulnerability allows an attacker to execute an remote arbitrary code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NHN COMMERCE | godomall5 Std, godomall5 Pro | 6 <= 6 | affected |
| NHN COMMERCE | godomall5 Std, godomall5 Pro | 9 <= 9 | affected |
Weaknesses
- CWE-353: CWE-353 Missing Support for Integrity Check
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.