CVE-2024-0352 | Likeshop up to 2.5.7.20210311 HTTP POST Request File.php userFormImage file unrestricted upload

Inserito da Angelo Barbosa | Gen 9, 2024 | CVE

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload.

This vulnerability was named CVE-2024-0352. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-0352 | Likeshop up to 2.5.7.20210311 HTTP POST Request File.php userFormImage file unrestricted upload

Post correlati

CVE-2024-32745 | WonderCMS 3.4.3 Current Page Module PAGE DESCRIPTION cross site scripting

CVE-2023-49257 | Hongdian H8951-4G-ESP prior 2310271149 CGI File permission assignment

CVE-2024-0436 | mintplex-labs anything-llm up to 0.0.x timing discrepancy

CVE-2023-28874 | Seafile 9.0.6 /accounts/login next redirect