CVE-2021-26630
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Handysoft Co.,Ltd | HANDY Groupware | unspecified <= 1.7.4.6 | affected |
| Handysoft Co.,Ltd | HANDY Groupware | unspecified <= 2.0.3.6 | affected |
| Handysoft Co.,Ltd | HANDY Groupware | unspecified <= 4.0.1.7 | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.