CVE-2021-27817

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-27817

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27817.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-27817

Aliases

GHSA-xx77-w6p5-xvmj

Published

2021-03-15T17:15:22Z

Modified

2024-05-14T08:31:47.789471Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.

References

Affected packages

Git / github.com/gongfuxiang/shopxo

Affected ranges

Type: GIT
Repo: https://github.com/gongfuxiang/shopxo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

82a926c899ae8323ee020f45f515b718a22362e8

Affected versions

v1.*

v1.1.0

v1.2.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.8.1

v1.9.0

v1.9.1

v1.9.2

v1.9.3