o NHN COMMERCE Corp., released security update to address remote code execution vulnerability in godomall5.
|Missing support for
|remote code execution
o The move_uploaded_file function in godomall5 does not perform an integrity check of extension or authority when user upload file.
o This vulnerability allows an attacker to execute arbirary code.
□ Affected Product
|godoamall5 Std, godomall5 Pro
||6 / 9
o Install the patch file of godomall5 to solve this vulnerability.
o Thanks to Yelang Lee for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀