| Titel | An arbitrary file upload vulnerability in the /ecshop/admin/template.php component of EcShop v4.1.5 allows attackers to get webshell or execute arbitrary code via a crafted ".phP" file. |
|---|
| Beschreibung | Vulnerability type:upload webshell
product: Ecshop(An open source product sales website used by many Chinese online shopping websites )
Version:V4.1.5
Firmware download address: https://www.ecshop.com/download or my clone source https://github.com/jingping911/exshopbug
Affected component:/ecshop/admin/template.php
Attack type:Remote
Attack vector detail: https://github.com/jingping911/exshopbug/blob/main/README.md
Impact: Code Execution
Description:An arbitrary file upload vulnerability in the /ecshop/admin/template.php component of EcShop v4.1.5 allows attackers to get webshell or execute arbitrary code via a crafted ".phP" file. |
|---|
| Quelle | ⚠️ https://github.com/jingping911/exshopbug/blob/main/README.md |
|---|
| Benutzer | wjp911 (UID 40747) |
|---|
| Einreichung | 11.02.2023 11:44 (vor 3 Jahren) |
|---|
| Moderieren | 11.02.2023 18:04 (6 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 220641 [EcShop 4.1.5 PHP File template.php erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|