A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function
actionUpdate
of the file /api/controllers/common/UploadsController.php. The manipulation of the argument imgage leads to unrestricted upload.
This vulnerability is known as CVE-2024-1264. The attack can be launched remotely. Furthermore, there is an exploit available.