CVE-2021-26642

Name of the Vulnerable Software and Affected Versions XpressEngine (affected versions not specified)

Description The issue arises from insufficient verification of uploaded files, allowing a remote attacker to upload arbitrary files and potentially execute arbitrary code on the server hosting the bulletin board. This can be achieved when uploading an image file to a bulletin board developed with the affected software.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.