CVE-2024-24028 | Likeshop up to 2.5.6 updateWechatInfo avatar server-side request forgery

Posted by Angelo Barbosa | Feb 29, 2024 | CVE

A vulnerability, which was classified as problematic, was found in Likeshop up to 2.5.6. This affects the function UserLogic::updateWechatInfo. The manipulation of the argument avatar leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2024-24028. The attack can only be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-24028 | Likeshop up to 2.5.6 updateWechatInfo avatar server-side request forgery

Related Posts

CVE-2023-44001 | Ailand Clinic mini-app on Line 13.6.1 Channel Access Token information disclosure

CVE-2023-44452 | Linux Mint Xreader CBT File Parser argument injection (ZDI-23-1836)

CVE-2024-31870 | IBM i 7.2/7.3/7.4/7.5 USRPRF Object observable response discrepancy (XFDB-287174)

CVE-2024-23505 | DearHive PDF Viewer & 3D PDF Flipbook Plugin up to 2.0.38 on WordPress cross site scripting