CRITICAL🇬🇧 English

CVE-2021-23247

CVSS 9.8v3.1pub. 2022-04-01upd. 2024-11-21

A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oppo Quick App

    APP
    Oppo
    4.5.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2024-1608CRITICAL9.1PL ✓ten sam vendor

Privilege escalation w OPPO Usercenter Credit SDK — wyciek danych aplikacji

CVE-2020-11829CRITICAL9.8ten sam vendor

Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is co...

CVE-2020-11830CRITICAL9.8ten sam vendor

QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityp...

CVE-2020-11831CRITICAL9.8ten sam vendor

OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is co...

CVE-2026-22070HIGH7.1ten sam vendor

ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.