CVE-2021-26551

An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module.
Configurations

Configuration 1 (hide)

cpe:2.3:a:smartfoxserver:smartfoxserver:2.17.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-02-09 20:15

Updated : 2024-02-28 18:08


NVD link : CVE-2021-26551

Mitre link : CVE-2021-26551

CVE.ORG link : CVE-2021-26551


JSON object : View

Products Affected

smartfoxserver

  • smartfoxserver
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')