- Risk: medium
- CVSS v3 Base Score: 6.6
- CVSS v3 Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
- CWE ID: CWE-78
- CWE Name: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
- CVE: CVE-2021-33827
Description
In the administration settings of the files_antivirus app it was possible to execute arbitrary code.
Affected
- files_antivirus < v1.0.0
Action taken
Moved the specific settings to the config.php file and removed them from the web ui.