| Título | An arbitrary file upload vulnerability in the /ecshop/admin/template.php component of EcShop v4.1.5 allows attackers to get webshell or execute arbitrary code via a crafted ".phP" file. |
|---|
| Descripción | Vulnerability type:upload webshell
product: Ecshop(An open source product sales website used by many Chinese online shopping websites )
Version:V4.1.5
Firmware download address: https://www.ecshop.com/download or my clone source https://github.com/jingping911/exshopbug
Affected component:/ecshop/admin/template.php
Attack type:Remote
Attack vector detail: https://github.com/jingping911/exshopbug/blob/main/README.md
Impact: Code Execution
Description:An arbitrary file upload vulnerability in the /ecshop/admin/template.php component of EcShop v4.1.5 allows attackers to get webshell or execute arbitrary code via a crafted ".phP" file. |
|---|
| Fuente | ⚠️ https://github.com/jingping911/exshopbug/blob/main/README.md |
|---|
| Usuario | wjp911 (UID 40747) |
|---|
| Sumisión | 2023-02-11 11:44 (hace 3 años) |
|---|
| Moderación | 2023-02-11 18:04 (6 hours later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 220641 [EcShop 4.1.5 PHP File template.php escalada de privilegios] |
|---|
| Puntos | 20 |
|---|