CVE-2024-24028 | Likeshop up to 2.5.6 updateWechatInfo avatar server-side request forgery

Posted by Angelo Barbosa | Feb 29, 2024 | CVE

A vulnerability, which was classified as problematic, was found in Likeshop up to 2.5.6. This affects the function UserLogic::updateWechatInfo. The manipulation of the argument avatar leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2024-24028. The attack can only be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-24028 | Likeshop up to 2.5.6 updateWechatInfo avatar server-side request forgery

Related Posts

CVE-2023-49150 | CurrencyRate Crypto Converter Widget Plugin up to 1.8.1 on WordPress cross site scripting

CVE-2024-50411 | Kevon Adonis WP Abstracts Plugin up to 2.7.1 on WordPress cross site scripting

CVE-2024-38507 | JetBrains Hub up to 2023.1.15725 Project Description cross site scripting

CVE-2024-29229 | Synology Surveillance Station prior 9.2.0-9289/9.2.0-11289 WebAPI GetLiveViewPath authorization (SA_24_04)