| タイトル | An arbitrary file upload vulnerability in the /ecshop/admin/template.php component of EcShop v4.1.5 allows attackers to get webshell or execute arbitrary code via a crafted ".phP" file. |
|---|
| 説明 | Vulnerability type:upload webshell
product: Ecshop(An open source product sales website used by many Chinese online shopping websites )
Version:V4.1.5
Firmware download address: https://www.ecshop.com/download or my clone source https://github.com/jingping911/exshopbug
Affected component:/ecshop/admin/template.php
Attack type:Remote
Attack vector detail: https://github.com/jingping911/exshopbug/blob/main/README.md
Impact: Code Execution
Description:An arbitrary file upload vulnerability in the /ecshop/admin/template.php component of EcShop v4.1.5 allows attackers to get webshell or execute arbitrary code via a crafted ".phP" file. |
|---|
| ソース | ⚠️ https://github.com/jingping911/exshopbug/blob/main/README.md |
|---|
| ユーザー | wjp911 (UID 40747) |
|---|
| 送信 | 2023年02月11日 11:44 (3 年 ago) |
|---|
| モデレーション | 2023年02月11日 18:04 (6 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 220641 [EcShop 4.1.5 PHP File template.php 特権昇格] |
|---|
| ポイント | 20 |
|---|