cvelist/2021/42xxx/CVE-2021-42839.json

{
    "CVE_data_meta": {
        "AKA": "TWCERT/CC",
        "ASSIGNER": "cve@cert.org.tw",
        "DATE_PUBLIC": "2021-11-15T09:18:00.000Z",
        "ID": "CVE-2021-42839",
        "STATE": "PUBLIC",
        "TITLE": "Grand Vice info Co. webopac7 - Arbitrary File Upload"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "webopac7",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "7.1.20160701"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "1.8.20160701"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Grand Vice info Co."
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user\u2019s permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html",
                "name": "https://www.twcert.org.tw/tw/cp-132-5288-9d546-1.html"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "Contact tech support from Grand Vice info Co."
        }
    ],
    "source": {
        "advisory": "TVN-202111004",
        "discovery": "EXTERNAL"
    }
}