CVE-2021-26629

Summary

A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..\’.

Affected Software

VendorProductVersion RangeStatus
tobesoft Co.,LtdXPLATFORMunspecified <= 9.2.2.280affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References