VYPR
Unrated severityNVD Advisory· Published Apr 19, 2022· Updated Aug 3, 2024

tobesoft XPLATFORM Arbitrary file execution Vulnerability

CVE-2021-26626

Description

Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code.

Affected products

2
  • Tobesoft/XPLATFORMllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.