
Security Advisory

CVE-2021-26610 | godomall5 remote code execution vulnerability
2021.10.26
□ Overview
 o NHN COMMERCE Corp. released a security update to address a remote code execution vulnerability in godomall5.
 
Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
Missing support for integrity check | remote code execution | High | 7.2 | CVE-2021-26610

□ Description
 o The move_uploaded_file function in godomall5 does not perform an integrity check of the extension or authority when a user uploads a file.
 o This vulnerability allows an attacker to execute arbitrary code.
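
 o For illustration, an upload handler that performs the extension and authority checks before calling move_uploaded_file, plus a content-type check that goes beyond the description. This is an added example, not godomall5 code or the vendor's patch; the function name store_upload, the $canUpload flag, the allow-list and the storage directory are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration (not godomall5 code). All names and values below are assumptions.
const ALLOWED = [                       // assumed allow-list: extension => expected MIME type
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
    'pdf' => 'application/pdf',
];
const UPLOAD_DIR = __DIR__ . '/../private_uploads';   // assumed: outside the web root

/**
 * Validate one $_FILES entry and store it; returns the stored path or throws.
 * $canUpload is the caller's authorization decision, made from server-side state.
 */
function store_upload(array $file, bool $canUpload, string $destDir = UPLOAD_DIR): string
{
    // Authority check: refuse before touching the file.
    if (!$canUpload) {
        throw new RuntimeException('not authorized to upload');
    }
    // Only accept a file that PHP itself received over HTTP without error.
    $tmp = (string)($file['tmp_name'] ?? '');
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed or not an HTTP upload');
    }
    // Extension check: final extension of the client name, against the allow-list.
    $ext = strtolower(pathinfo((string)($file['name'] ?? ''), PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    // Content check: the detected type must agree with the claimed extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // The client-supplied name is never used on disk; the server generates one.
    $dest = rtrim($destDir, '/\\') . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('could not store upload');
    }
    return $dest;
}

// Hypothetical call site (field and session key names are assumptions):
// $path = store_upload($_FILES['attachment'], !empty($_SESSION['is_admin']));
```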

□ Affected Product
Product | Version | Platform
godomall5 Std, godomall5 Pro | 6 / 9 | Windows

□ Solution
 o Install the patch file of godomall5 to solve this vulnerability.

□ Reference
 [1] https://nhn-commerce.com/production/standard/pc-in.gd

□ Etc
 o Thanks to Yelang Lee for reporting this vulnerability.

 


□ Author: Incident Analysis Division, Vulnerability Analysis Team