A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload.
The identification of this vulnerability is CVE-2024-6730. The attack may be initiated remotely. Furthermore, there is an exploit available.