본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7864 | Raonwiz DEXT5 Editor File upload and Execution vulnerability2021.06.14
□ Overview
o RAONwiz Co,Ltd released security update to address a Remote Code Execution vulnerability in Dext5 Editor
Vulnerability Type Impact Severity CVSS CVE ID
File upload Code execution High 7.8 CVE-2020-7864
 
□ Description
o Parameter manipulation can bypass authentication to cause file upload and execution. This will execute the remote code.(CVE-2020-7864)

□ Affected Products
Product Version
DEXT5 Editor server 3.5.1405747.1100.03 and prior
 
□ Solution
o update software over RAONwiz Dext5Editor 3.5.1407042.1800.01 version or higher.

□ Acknowledgements
 o Thanks to Kang Bong Goo for reporting this vulnerability.
 
□ Reference site
 [1] http://www.dext5.com/page/support/notice.aspx
 


□ 작성 : 침해사고분석단 취약점분석팀