□ Overview
o RAONwiz Co,Ltd released security update to address a Remote Code Execution vulnerability in Dext5 Editor
Vulnerability Type |
Impact |
Severity |
CVSS |
CVE ID |
File upload |
Code execution |
High |
7.8 |
CVE-2020-7864 |
□ Description
o Parameter manipulation can bypass authentication to cause file upload and execution. This will execute the remote code.(CVE-2020-7864)
□ Affected Products
Product |
Version |
DEXT5 Editor |
server 3.5.1405747.1100.03 and prior |
□ Solution
o update software over RAONwiz Dext5Editor 3.5.1407042.1800.01 version or higher.
□ Acknowledgements
o Thanks to Kang Bong Goo for reporting this vulnerability.
□ Reference site
[1] http://www.dext5.com/page/support/notice.aspx
□ 작성 : 침해사고분석단 취약점분석팀 |