| Title | DESHANG DSMall <=6.1.0 Arbitrary files create |
|---|
| Description | The DSMall system, a popular e-commerce platform, has a critical vulnerability in its TaobaoExport.php file. This flaw allows authenticated sellers to create arbitrary files on the server, including PHP files, which can lead to remote code execution. The issue arises from the lack of proper filtering when downloading and storing images from product details. By manipulating the image URL, an attacker can force the server to download and execute a PHP file from an external source. This vulnerability is present in DSMall versions up to and including 6.1.0. |
|---|
| Source | ⚠️ https://note.zhaoj.in/share/63LhFitJmKGR |
|---|
| User | glzjin (UID 59815) |
|---|
| Submission | 01/09/2024 08:10 (2 years ago) |
|---|
| Moderation | 01/11/2024 11:23 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 250435 [DeShang DSMall up to 6.1.0 Image URL TaobaoExport.php access control] |
|---|
| Points | 20 |
|---|