CVE-2021-26642 - When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in whi

CVE-2021-26642

Summary

When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.

References

https://boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=67125

Vulnerable Configurations

cpe:2.3:a:xpressengine:xpressengine:-:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:-:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.3.6:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.3.7:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.3.7:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.3.8:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.3.8:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5:-:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5:-:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5:beta2:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5:beta2:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5.1:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5.1:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5.2:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5.2:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5.3:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5.3:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5.4:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5.4:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5.5:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5.5:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5.6:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5.6:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5.7:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.5.7:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.7.1:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.7.1:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.7.2:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.7.2:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.9:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.9:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.10:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.10:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.11:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.11:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.12:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.12:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.13:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.7.13:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.0:-:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.0:-:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.0:beta:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.0:beta:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.0:beta2:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.0:beta2:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.0:beta3:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.0:beta3:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.10:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.10:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.11:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.11:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.12:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.12:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.13:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.13:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.14:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.14:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.15:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.15:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.16:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.16:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.17:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.17:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.18:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.18:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.19:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.19:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.20:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.20:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.21:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.21:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.22:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.22:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.23:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.23:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.24:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.24:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.25:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.25:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.26:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.26:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.27:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.27:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.28:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.28:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.29:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.29:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.30:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.30:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.31:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.31:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.32:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.32:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.33:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.33:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.34:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.34:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.35:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.35:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.36:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.36:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.37:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.37:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.38:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.38:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.39:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.39:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.40:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.40:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.41:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.41:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.42:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.42:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.43:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.43:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.44:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.44:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.45:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.45:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.46:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.8.46:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.7:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.7:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.8:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.9.8:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.11.3:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.11.3:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.11.4:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.11.4:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.11.5:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.11.5:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.11.6:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:1.11.6:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta10:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta10:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta11:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta11:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta12:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta12:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta13:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta13:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta14:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta14:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta15:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta15:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta16:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta16:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta17:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta17:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta18:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta18:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta19:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta19:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta20:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta20:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta21:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta21:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta22:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta22:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta23:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta23:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta24:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta24:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta25:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta25:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta26:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta26:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta27:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta27:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta28:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta28:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta29:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta29:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta30:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta30:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta6:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta6:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta7:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta7:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta8:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta8:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta9:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:beta9:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:dev2:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:dev2:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:dev3:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:dev3:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:dev4:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:dev4:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:dev5:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:dev5:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:dev6:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:dev6:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc6:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc6:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc7:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc7:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc8:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.0:rc8:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:xpressengine:xpressengine:3.0.13:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-434

CAPEC

Accessing Functionality Not Properly Constrained by ACLs
In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

02-02-2023 - 17:09

Published

20-01-2023 - 17:15

Last modified

02-02-2023 - 17:09