| Título | An arbitrary file upload vulnerability in the /ecshop/admin/template.php component of EcShop v4.1.5 allows attackers to get webshell or execute arbitrary code via a crafted ".phP" file. |
|---|
| Descrição | Vulnerability type:upload webshell
product: Ecshop(An open source product sales website used by many Chinese online shopping websites )
Version:V4.1.5
Firmware download address: https://www.ecshop.com/download or my clone source https://github.com/jingping911/exshopbug
Affected component:/ecshop/admin/template.php
Attack type:Remote
Attack vector detail: https://github.com/jingping911/exshopbug/blob/main/README.md
Impact: Code Execution
Description:An arbitrary file upload vulnerability in the /ecshop/admin/template.php component of EcShop v4.1.5 allows attackers to get webshell or execute arbitrary code via a crafted ".phP" file. |
|---|
| Fonte | ⚠️ https://github.com/jingping911/exshopbug/blob/main/README.md |
|---|
| Utilizador | wjp911 (UID 40747) |
|---|
| Submissão | 11/02/2023 11h44 (há 3 anos) |
|---|
| Moderação | 11/02/2023 18h04 (6 hours later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 220641 [EcShop 4.1.5 PHP File template.php Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|