CVE-2024-6730 | Nanjing Xingyuantu Technology SparkShop up to 1.1.6 /api/Common/uploadFile file unrestricted upload

Inserito da Angelo Barbosa | Lug 13, 2024 | CVE

A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload.

The identification of this vulnerability is CVE-2024-6730. The attack may be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-6730 | Nanjing Xingyuantu Technology SparkShop up to 1.1.6 /api/Common/uploadFile file unrestricted upload

Post correlati

CVE-2024-30204 | GNU Emacs up to 29.2 LaTeX Preview Remote Code Execution

CVE-2023-41099 | Atos Eviden CardOS API prior 5.5.5.2811 on Windows Installer Local Privilege Escalation

CVE-2024-6548 | Add Admin JavaScript Plugin up to 2.0 on WordPress information disclosure

CVE-2024-0730 | Project Worlds Online Time Table Generator 1.0 course_ajax.php id sql injection