Lucene search

KrcertCVELIST:CVE-2021-26617

HistoryFeb 25, 2022 - 6:10 p.m.

CVE-2021-26617 Gabia Firstmall remote code execution vulnerability

2022-02-2518:10:57

CWE-20

krcert

www.cve.org

gabia firstmall

input verification

remote code execution

cve-2021-26617

navercheckout_add function

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

74.0%

JSON

This issues due to insufficient verification of the various input values from user’s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add function.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "Firstmall",
    "vendor": "Gabia Co., Ltd",
    "versions": [
      {
        "status": "affected",
        "version": "multilingual latest version"
      }
    ]
  }
]

References

www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36469

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

74.0%

JSON

Related for CVELIST:CVE-2021-26617