| Title | Jpshop Jpshop <=1.5.02 Arbitrary File Upload |
|---|
| Description | The Jpshop software, version 1.5.02 and earlier, has an Arbitrary File Upload vulnerability in the /api/controllers/merchant/shop/PosterController.php file. This vulnerability occurs in the actionUpdate function, where a parameter named 'pic_url' can be manipulated to upload a file, which is saved without proper validation. This could potentially allow an attacker to upload malicious files, such as a PHP script, posing significant security risks including remote code execution. |
|---|
| Source | ⚠️ https://note.zhaoj.in/share/Lkrp36sa1EHO |
|---|
| User | glzjin (ID 59815) |
|---|
| Submission | 2024-02-05 06時59分 (4 months ago) |
|---|
| Moderation | 2024-02-06 09時29分 (1 day later) |
|---|
| Status | 已接受 |
|---|
| VulDB Entry | 253002 |
|---|