CVE-2021-26630

Summary

Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function.

Affected Software

VendorProductVersion RangeStatus
Handysoft Co.,LtdHANDY Groupwareunspecified <= 1.7.4.6affected
Handysoft Co.,LtdHANDY Groupwareunspecified <= 2.0.3.6affected
Handysoft Co.,LtdHANDY Groupwareunspecified <= 4.0.1.7affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References