CVE-2024-1263 | Juanpao JPShop up to 1.5.02 API PosterController.php actionUpdate pic_url unrestricted upload

Posted by Angelo Barbosa | Feb 6, 2024 | CVE

A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload.

This vulnerability is traded as CVE-2024-1263. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2024-1263 | Juanpao JPShop up to 1.5.02 API PosterController.php actionUpdate pic_url unrestricted upload

Related Posts

CVE-2024-20336 | Cisco Business Wireless Access Point Software up to 1.0.5.0 Web-based User Interface stack-based overflow (cisco-sa-sb-wap-multi-85G83CRB)

CVE-2023-6649 | PHPGurukul Teacher Subject Allocation Management System 1.0 index.php searchdata cross site scripting

CVE-2024-20761 | Adobe Animate 2023/Animate 2024 out-of-bounds write (APSB24-19)

CVE-2024-5803 | AVG/Avast Antivirus up to 24.0 COM AVGUI.exe toctou