Invia #264616: DESHANG DSMall <=6.1.0 Arbitrary files createinformazioni

TitoloDESHANG DSMall <=6.1.0 Arbitrary files create
DescrizioneThe DSMall system, a popular e-commerce platform, has a critical vulnerability in its TaobaoExport.php file. This flaw allows authenticated sellers to create arbitrary files on the server, including PHP files, which can lead to remote code execution. The issue arises from the lack of proper filtering when downloading and storing images from product details. By manipulating the image URL, an attacker can force the server to download and execute a PHP file from an external source. This vulnerability is present in DSMall versions up to and including 6.1.0.
Fonte⚠️ https://note.zhaoj.in/share/63LhFitJmKGR
Utente
 glzjin (UID 59815)
Sottomissione09/01/2024 08:10 (2 anni fa)
Moderazione11/01/2024 11:23 (2 days later)
StatoAccettato
Voce VulDB250435 [DeShang DSMall fino a 6.1.0 Image URL TaobaoExport.php escalationi di privilegi]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Might our Artificial Intelligence support you?

Check our Alexa App!