| Title | macrozheng mall 1.0.3 Unrestricted Upload |
|---|---|
| Description | The mall is vulnerable to arbitrary file uploads due to missing file type sanitization and content validation in the image uploader. This makes it possible for authenticated attackers, with product management permissions, to upload arbitrary files, which makes the platform susceptible to several serious security risks, including Stored Cross-Site Scripting (XSS) and hosting of malicious content (malware/phishing). Given the platform's high usage (over 81.1k stars on GitHub), the vulnerability poses a significant threat to the platform's reputation and its users. The platform may be used to host malware executables, ZIP archives containing viruses, or phishing pages designed to mimic legitimate login forms. The attacker can then distribute the URL provided by the application, leveraging the e-commerce platform's reputation to trick users into downloading malware or submitting credentials. |
| Source | https://github.com/N1n3b9S/cve/issues/13 |
| User | Anonymous User |
| Submission | 2025. 07. 27. 10:06 AM (9 months ago) |
| Moderation | 2025. 08. 08. 01:25 PM (12 days later) |
| Status | Accepted |
| VulDB Entry | 319243 [macrozheng mall up to 1.0.3 Add Product Page /minio/upload File cross site scripting] |
| Points | 20 |