Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2021-26642
HistoryJan 20, 2023 - 5:15 p.m.

CVE-2021-26642

2023-01-2017:15:10
Google
osv.dev
3
cve-2021-26642
bulletin board
xpressengine
image upload
remote attacker
arbitrary code
server

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

73.6%

JSON

When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.

Related

osv 1
cvelist 1
nvd 1
github 1
cve 1
prion 1
osv
osv
XpressEngine vulnerable to Unrestricted Upload of File with Dangerous Type
2023-01-20 18:30:22
cvelist
cvelist
CVE-2021-26642 XpressEngine file upload vulnerability
2023-01-20 00:00:00
nvd
nvd
CVE-2021-26642
2023-01-20 17:15:10
github
github
XpressEngine vulnerable to Unrestricted Upload of File with Dangerous Type
2023-01-20 18:30:22
cve
cve
CVE-2021-26642
2023-01-20 17:15:10
prion
prion
Design/Logic Flaw
2023-01-20 17:15:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

73.6%

JSON
Related for OSV:CVE-2021-26642
osv1cvelist1nvd1github1cve1prion1