| Title | DESHANG DSMall <=6.1.0 Arbitrary files create |
|---|
| Description | The DSMall system, a popular e-commerce platform, has a critical vulnerability in its TaobaoExport.php file. This flaw allows authenticated sellers to create arbitrary files on the server, including PHP files, which can lead to remote code execution. The issue arises from the lack of proper filtering when downloading and storing images from product details. By manipulating the image URL, an attacker can force the server to download and execute a PHP file from an external source. This vulnerability is present in DSMall versions up to and including 6.1.0. |
|---|
| Source | ⚠️ https://note.zhaoj.in/share/63LhFitJmKGR |
|---|
| User | glzjin (ID 59815) |
|---|
| Submission | 2024-01-09 08:10 (4 months ago) |
|---|
| Moderation | 2024-01-11 11:23 (2 days later) |
|---|
| Status | Przyjęty |
|---|
| VulDB Entry | 250435 |
|---|