Arbitrary File Creation Vulnerability in Nexacro Platform's Copy Method

CVE-2021-26612 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code.

Learn more about our Web Application Penetration Testing UK.