VYPR
Critical severityNVD Advisory· Published Jan 20, 2023· Updated Apr 3, 2025

XpressEngine file upload vulnerability

CVE-2021-26642

Description

When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
xpressengine/xpressenginePackagist
< 3.0.153.0.15

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.