An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of administrator.
References
Link | Resource |
---|---|
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36303 | Third Party Advisory |
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36303 | Third Party Advisory |
Configurations
History
21 Nov 2024, 05:37
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 8.0 |
References | () https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36303 - Third Party Advisory |
Information
Published : 2021-10-27 01:15
Updated : 2024-11-21 05:37
NVD link : CVE-2020-7867
Mitre link : CVE-2020-7867
CVE.ORG link : CVE-2020-7867
JSON object : View
Products Affected
helpu
- helpuviewer
CWE
CWE-20
Improper Input Validation