| Title | Jpshop Jpshop <=1.5.02 Arbitrary File Upload |
|---|---|
| Description | The Jpshop software, version 1.5.02 and earlier, has an Arbitrary File Upload vulnerability in the /api/controllers/merchant/shop/PosterController.php file. This vulnerability occurs in the actionUpdate function, where a parameter named 'pic_url' can be manipulated to upload a file, which is saved without proper validation. This could potentially allow an attacker to upload malicious files, such as a PHP script, posing significant security risks including remote code execution. |
| Source | https://note.zhaoj.in/share/Lkrp36sa1EHO |
| User | glzjin (ID 59815) |
| Submission | 02/05/2024 06:59 (3 months ago) |
| Moderation | 02/06/2024 09:29 (1 day later) |
| Status | Accepted |
| VulDB Entry | 253002 |