PT-2021-21119 · 7 Zip · 7Z.Exe
Nick Nam +1 · Published 2021-07-13 · Updated 2021-07-15 · CVE-2021-36122
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Echo ShareCare version 8.15.5
Description:
An issue was discovered in the UnzipFile feature, specifically in Access/EligFeedParse Sup/UnzipFile Upd.cfm, which is susceptible to a command argument injection vulnerability. This occurs when processing remote input in the zippass parameter from an authenticated user, allowing the injection of arbitrary arguments to 7z.exe.
Recommendations:
For Echo ShareCare version 8.15.5, consider disabling the UnzipFile feature or restricting access to the zippass parameter in the UnzipFile Upd.cfm file until a patch is available. Additionally, restrict the execution of 7z.exe to prevent arbitrary argument injection.
Fix
Argument Injection
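One way to keep a user-supplied archive password from becoming extra 7z.exe arguments, shown as an added Python example (not code from Echo ShareCare or from this advisory). The function names, the password allowlist, and the sample paths are assumptions made for illustration.

```python
import re
import shlex

# Assumption: passwords are limited to printable ASCII without whitespace,
# quotes or backslashes. Windows programs parse their own command line, so
# quote characters are rejected rather than escaped.
_PASSWORD_RE = re.compile(r"[A-Za-z0-9!#$%&()*+,\-./:;<=>?@\[\]^_{|}~]{1,128}")


def validate_zip_password(value: str) -> str:
    """Return value unchanged if it is safe to embed in one 7z argument."""
    if not _PASSWORD_RE.fullmatch(value):
        raise ValueError("zippass contains characters outside the allowlist")
    return value


def build_7z_argv(archive: str, out_dir: str, zippass: str) -> list:
    """Build an argument vector for extraction, never a concatenated string."""
    password = validate_zip_password(zippass)
    return [
        "7z.exe", "x",
        "-y",                # answer prompts automatically
        f"-o{out_dir}",      # output directory chosen by the server
        f"-p{password}",     # password stays attached to its switch
        "--",                # stop switch parsing before the archive name
        archive,             # server-generated name, not user input
    ]


def tokens_from_concatenation(zippass: str) -> list:
    """Model of the unsafe pattern: one string that is split on whitespace."""
    return shlex.split("7z.exe x -p" + zippass + " upload.zip", posix=False)


if __name__ == "__main__":
    # Constructed sample values.
    print(build_7z_argv("upload.zip", r"D:\feeds\in", "S3cret!pw"))
    print(tokens_from_concatenation("pw extra-token"))
```

Pass the returned list to the process launcher directly, without a shell, so that each element reaches 7z.exe as exactly one argument.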
Affected Products:
7Z.Exe