CVE-2021-27817

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-27817
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-27817.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-27817
Aliases
Published
2021-03-15T17:15:22Z
Modified
2024-10-12T07:10:12.628915Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.

References

Affected packages

Git / github.com/gongfuxiang/shopxo

Affected ranges

Type
GIT
Repo
https://github.com/gongfuxiang/shopxo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v1.*

v1.1.0
v1.2.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.8.1
v1.9.0
v1.9.1
v1.9.2
v1.9.3