| عنوان | An arbitrary file upload vulnerability in the /ecshop/admin/template.php component of EcShop v4.1.5 allows attackers to get webshell or execute arbitrary code via a crafted ".phP" file. |
|---|
| الوصف | Vulnerability type:upload webshell
product: Ecshop(An open source product sales website used by many Chinese online shopping websites )
Version:V4.1.5
Firmware download address: https://www.ecshop.com/download or my clone source https://github.com/jingping911/exshopbug
Affected component:/ecshop/admin/template.php
Attack type:Remote
Attack vector detail: https://github.com/jingping911/exshopbug/blob/main/README.md
Impact: Code Execution
Description:An arbitrary file upload vulnerability in the /ecshop/admin/template.php component of EcShop v4.1.5 allows attackers to get webshell or execute arbitrary code via a crafted ".phP" file. |
|---|
| المصدر | ⚠️ https://github.com/jingping911/exshopbug/blob/main/README.md |
|---|
| المستخدم | wjp911 (UID 40747) |
|---|
| ارسال | 11/02/2023 11:44 AM (3 سنوات منذ) |
|---|
| الاعتدال | 11/02/2023 06:04 PM (6 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 220641 [EcShop 4.1.5 PHP File template.php تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|