Vulnerability Description
GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing.
CVSS Score
6.5
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gigaccsecure | Gigacc Office | 2.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95680
- https://asp.gigacc.com/user/publicurl/view.do%3Bjsessionid=28438FE401A764B7CEDB3
- https://jvn.jp/en/vu/JVNVU91417143/index.htmlThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/95680
- https://asp.gigacc.com/user/publicurl/view.do%3Bjsessionid=28438FE401A764B7CEDB3
- https://jvn.jp/en/vu/JVNVU91417143/index.htmlThird Party AdvisoryVDB Entry
FAQ
What is CVE-2016-7845?
CVE-2016-7845 is a vulnerability with a CVSS score of 6.5 (MEDIUM). GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing.
How severe is CVE-2016-7845?
CVE-2016-7845 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7845?
Check the references section above for vendor advisories and patch information. Affected products include: Gigaccsecure Gigacc Office.