Samsung MagicINFO 9 Server Unrestricted File Upload Vulnerability Allowing Code Injection

Vulnerability

A vulnerability in Samsung Electronics MagicINFO 9 Server, versions prior to 21.1080.0, allows for unrestricted file uploads of dangerous types, leading to code injection. This issue arises from improper validation of uploaded files, enabling the execution of malicious code on the server.

Impact

Exploitation of this vulnerability could result in unauthorized code execution on the server where MagicINFO 9 Server is installed.

Remediation

Users can check for the latest firmware updates on the Samsung website. If the default update settings are enabled, the latest version will have been automatically installed. For specific patch information related to this vulnerability, refer to the Samsung Security Vulnerability Patch (SVP) program.

Added: Jul 23, 2025, 6:16 AM
Updated: Jul 23, 2025, 6:16 AM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 10.0
exploitability: 7.4
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.