| Titolo | Likeshop Likeshop ≤2.5.7.20210311 Pre-authentication arbitrary file upload |
|---|
| Descrizione | The LikeShop application, specifically version 2.5.7.20210311 and possibly earlier, is vulnerable to a pre-authentication arbitrary file upload vulnerability within the `File.php` controller. An attacker can exploit this vulnerability by sending a crafted POST request to the `FileServer::userFormImage` function, allowing the upload of a PHP file without proper validation. This uploaded PHP file can then be executed on the server, leading to remote code execution (RCE). This vulnerability was disclosed by a researcher known as glzjin. |
|---|
| Fonte | ⚠️ https://note.zhaoj.in/share/ciwYj7QXC4sZ |
|---|
| Utente | glzjin (UID 59815) |
|---|
| Sottomissione | 06/01/2024 17:32 (3 anni fa) |
|---|
| Moderazione | 09/01/2024 15:20 (3 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 250120 [Likeshop fino a 2.5.7.20210311 HTTP POST Request File.php userFormImage File escalationi di privilegi] |
|---|
| Punti | 20 |
|---|