CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-7831
https://notcve.org/view.php?id=CVE-2020-7831
24 Aug 2020 — A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however. Una vulnerabilidad en la interfaz de servicios de administración de contratos basada en web Ebiz4u de INOGARD, podría permitir a un usuario víctima descargar cualquier archivo. El atacante es capaz de utilizar el directorio del menú ... • https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35559 • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19165
https://notcve.org/view.php?id=CVE-2019-19165
29 Apr 2020 — AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on wi... • http://www.ebiz4u.co.kr/home.do • CWE-494: Download of Code Without Integrity Check •