Japan Vulnerability NotesJVN:53886050JVN#53886050 Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.016 Low
EPSS
Percentile
87.3%
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server.
Impact
If an arbitrary PHP script is executed, files on the server could be deleted or disclosed.
Solution
Update the Software
Apply the latest updates provided by the vendors.
For more information, refer to the vendorsβ websites.
Products Affected
- La!cooda WIZ 1.4.0 and earlier
- LacoodaST 2.1.3 and earlier
For more information, refer to the vendorsβ websites.
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.016 Low
EPSS
Percentile
87.3%