A vulnerability classified as critical was found in Likeshop up to This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload.

This vulnerability was named CVE-2024-0352. The attack can be initiated remotely. Furthermore, there is an exploit available.