| Title | JPShop JPShop <=1.5.02 Arbitrary File Upload |
|---|
| Description | The JPShop application, specifically in versions up to and including 1.5.02, has been identified to contain an Arbitrary File Upload vulnerability within the AppController.php file located in the /api/controllers/admin/app/ directory. This vulnerability arises from the actionIndex function, which improperly handles user-supplied input in the app_pic_url parameter. Attackers can exploit this flaw by encoding malicious files in Base64 and submitting them through a POST request, which the application then decodes and saves without adequate validation. Consequently, this can lead to the execution of arbitrary code by navigating to the uploaded file using another endpoint that reveals the filename. |
|---|
| Source | ⚠️ https://note.zhaoj.in/share/rCt6PpJxBvuI |
|---|
| User | glzjin (UID 59815) |
|---|
| Submission | 02/04/2024 08:45 (2 years ago) |
|---|
| Moderation | 02/06/2024 09:29 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 252998 [Juanpao JPShop up to 1.5.02 API AppController.php app_pic_url unrestricted upload] |
|---|
| Points | 20 |
|---|