| Title | nopCommerce up to 4.2.0 Privilege Escalation via Plugin Upload |
|---|
| Description | It was identified that NopCommerce v4.2.0 was affected by a privilege escalation via file upload as it fails to adequately analyse uploaded files. This can allow the upload of malicious files, such as malware, web-shells or other executable code. An attacker who uploads files of this nature can compromise the underlying application server. Specifically, an attacker or normal user with access to the Admin area, may leverage this issue uploading a specially crafted plugin, obtaining command execution on the underlying server operating system.
The weakness was discovered by Alessandro Magnosi (d3adc0de) and presented 12/04/2019. This vulnerability has not been assigned a CVE ID yet. The exploitability is told to be easy. It is possible to launch the attack remotely. A single authentication is necessary for exploitation. Technical details are known, and there is an available exploit, developed by Alessandro Magnosi (d3adc0de).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. |
|---|
| Source | ⚠️ https://github.com/klezVirus/cves/tree/master/NopCommerce/Privilege%20Escalation%20via%20Plugin%20Upload |
|---|
| User | Anonymous User |
|---|
| Submission | 12/06/2019 17:12 (6 years ago) |
|---|
| Moderation | 12/10/2019 08:57 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 146825 [Nop Solution Ltd nopCommerce 4.2.0 on ASP.NET File Upload PluginController.cs Custom Plugin unrestricted upload] |
|---|
| Points | 20 |
|---|