| Title | Jpshop Jpshop <=1.5.02 Arbitrary File Upload |
|---|
| Description | The Jpshop software, version 1.5.02 and earlier, has an Arbitrary File Upload vulnerability in the /api/controllers/merchant/shop/PosterController.php file. This vulnerability occurs in the actionUpdate function, where a parameter named 'pic_url' can be manipulated to upload a file, which is saved without proper validation. This could potentially allow an attacker to upload malicious files, such as a PHP script, posing significant security risks including remote code execution. |
|---|
| Source | ⚠️ https://note.zhaoj.in/share/Lkrp36sa1EHO |
|---|
| User | glzjin (ID 59815) |
|---|
| Submission | 05/02/2024 06:59 (4 months ago) |
|---|
| Moderation | 06/02/2024 09:29 (1 day later) |
|---|
| Status | Accepté |
|---|
| VulDB Entry | 253002 |
|---|