Описание
A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters. An crafted malicious parameters could cause arbitrary command to execute.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:tobesoft:xplatform:9.2:*:*:*:*:*:*:*
cpe:2.3:a:tobesoft:xplatform:9.2.1:*:*:*:*:*:*:*
cpe:2.3:a:tobesoft:xplatform:9.2.2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01092
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters. An crafted malicious parameters could cause arbitrary command to execute.
EPSS
Процентиль: 78%
0.01092
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-20