| Title | macrozheng mall 1.0.3 Unrestricted Upload |
|---|---|
| Description | The mall is vulnerable to arbitrary file uploads due to missing file type sanitization and content validation in the image uploader. This makes it possible for authenticated attackers, with product management permissions, to upload arbitrary files, which makes the platform susceptible to several serious security risks, including Stored Cross-Site Scripting (XSS), hosting of malicious content (malware/phishing). Given the platform's high usage (over 81.1k stars on GitHub), the vulnerability poses a significant threat to the platform's reputation and its users. The platform may be used to host malware executables, ZIP archives containing viruses, or phishing pages designed to mimic legitimate login forms. The attacker can then distribute the URL provided by the application, leveraging the e-commerce platform's reputation to trick users into downloading malware or submitting credentials. |
| Source | https://github.com/N1n3b9S/cve/issues/13 |
| User | Anonymous User |
| Submission | 07/27/2025 10:06 (8 months ago) |
| Moderation | 08/08/2025 13:25 (12 days later) |
| Status | Accepted |
| VulDB entry | 319243 [macrozheng mall up to 1.0.3 Add Product Page /minio/upload File cross site scripting] |
| Points | 20 |
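The description attributes the issue to two missing checks in the image uploader: file type sanitization and content validation. The following is an added example of how an upload handler can enforce both before storing anything; it is illustrative code written for this entry, not the mall project's own uploader. The function names, the magic-byte table, the size limit and the sample inputs are all constructed for the example.

```python
import os
import re
import secrets

# Allowlist of image types the uploader accepts, keyed by extension, with the
# magic-byte prefixes a file of that type must start with (constructed table).
IMAGE_SIGNATURES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
}

# Markup that a browser could execute if the bytes were ever served inline
# from the site's origin; checked as defence in depth against polyglot files.
ACTIVE_CONTENT = re.compile(rb"<\s*(script|svg|html|iframe|body)\b", re.IGNORECASE)

MAX_BYTES = 5 * 1024 * 1024  # assumed limit for a product image


def validate_image_upload(filename, data, max_bytes=MAX_BYTES):
    """Return (accepted, reason, stored_name).

    stored_name is a server-generated name: the client-supplied filename is
    never used for storage, only to derive the claimed extension.
    """
    base = os.path.basename(filename)          # drop any directory component
    if "." not in base:
        return False, "missing extension", None
    ext = base.rsplit(".", 1)[1].lower()       # last extension only
    if ext not in IMAGE_SIGNATURES:
        return False, f"extension '{ext}' not in allowlist", None
    if len(data) > max_bytes:
        return False, "file too large", None
    # Content validation: the bytes must actually be the image type claimed.
    if not any(data.startswith(sig) for sig in IMAGE_SIGNATURES[ext]):
        return False, f"content does not match {ext} signature", None
    # Reject files that carry browser-executable markup even behind a valid header.
    if ACTIVE_CONTENT.search(data[:4096]):
        return False, "active content found in image bytes", None
    stored = f"{secrets.token_hex(16)}.{ext}"
    return True, "ok", stored


def download_headers(stored_name):
    """Response headers for serving a stored image so the browser never
    interprets it as a page, regardless of its bytes."""
    ext = stored_name.rsplit(".", 1)[1]
    content_type = {"png": "image/png", "gif": "image/gif"}.get(ext, "image/jpeg")
    return {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{stored_name}"',
    }


if __name__ == "__main__":
    # Constructed sample inputs: one real PNG header, one HTML page renamed to
    # .png, and one PNG header followed by inline SVG markup.
    samples = {
        "photo.PNG": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "login.png": b"<html><body>fake login form</body></html>",
        "poly.png": b"\x89PNG\r\n\x1a\n<svg onload=x>",
    }
    for name, blob in samples.items():
        print(name, validate_image_upload(name, blob)[:2])
```

The extension check alone would have accepted `login.png`; the signature check alone would have accepted `poly.png`. Serving stored files with `nosniff` and an attachment disposition removes the stored-XSS path even if a later bug lets an unexpected file through.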