← back
CVE-2021-42839

Grand Vice info Co. webopac7 - Arbitrary File Upload

CVSS 8.8 HIGHEPSS 2.4%CWE-434
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 2.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Nov 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user’s permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Grand Vice info Co. · webopac7

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html