| tiêu đề | macrozheng mall 1.0.3 Unrestricted Upload |
|---|
| Mô tả | The mall is vulnerable to arbitrary file uploads due to missing file type sanitization and content validation in the the image uploader. This makes it possible for authenticated attackers, with product management permissions, to upload arbitrary files, which makes the platform susceptible to several serious security risks, including Stored Cross-Site Scripting (XSS), hosting of malicious content (malware/phishing). Given the platform's high usage (over 81.1k stars on GitHub), the vulnerability pose a significant threat to the platform's reputation and its users. The platform may be used to host malware executables, ZIP archives containing viruses, or phishing pages designed to mimic legitimate login forms. The attacker can then distribute the URL provided by the application, leveraging the e-commerce platform's reputation to trick users into downloading malware or submitting credentials. |
|---|
| Nguồn | ⚠️ https://github.com/N1n3b9S/cve/issues/13 |
|---|
| Người dùng | Anonymous User |
|---|
| Đệ trình | 27/07/2025 10:06 (cách đây 9 các tháng) |
|---|
| Kiểm duyệt | 08/08/2025 13:25 (12 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 319243 [macrozheng mall đến 1.0.3 Add Product Page /minio/upload Tệp tin Tập lệnh chéo trang] |
|---|
| điểm | 20 |
|---|