PT-2021-12674 · Innorix · Innorix Web-Based File Transfer Solution

Hyeonjin Ko

Published

2021-04-19

Updated

2021-04-23

CVE-2020-7851

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Innorix Web-Based File Transfer Solution versions prior to and including 9.2.18.385

Description: The issue allows remote files to be downloaded and executed by setting the arguments to an internal method. A remote attacker could induce a user to access a crafted web page, potentially causing damage such as malicious code infection.

Recommendations: For versions prior to and including 9.2.18.385, update to a version later than 9.2.18.385 to resolve the issue.

Fix

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88

Related Identifiers

CVE-2020-7851

Affected Products

Innorix Web-Based File Transfer Solution

PT-2021-12674 · Innorix · Innorix Web-Based File Transfer Solution

CVE-2020-7851

Weakness Enumeration

Related Identifiers

Affected Products

References · 4