Unrestricted file upload

2022-04-0414:15:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.9%

JSON

An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component.

CPENameOperatorVersion
ecommerce-websiteeq1.1.0

CPE	Name	Operator	Version
	ecommerce-website	eq	1.1.0

References

drive.google.com/file/d/1op00zVWSuHO4US_iAkD0aTM-tHqqtrIl/view?usp=sharing

github.com/D4rkP0w4r/Full-Ecommece-Website-Add_Product-Unrestricted-File-Upload-RCE-POC

hackmd.io/SCbv5_iJQd2JL2LRqCQYTA