
Gsfisho

#38258 of 53,633
7.2 CVSS total
Vulnerabilities · 1
PT-2019-14992
7.2
2019-10-04
Ecshop · Fecmall · CVE-2019-17188
**Name of the Vulnerable Software and Affected Versions**

Fecshop FecMall version 2.3.4

**Description**

An issue was found where an attacker can bypass front-end restrictions and upload PHP code to the webserver. This is done by providing image data with a .php extension and the image/jpeg content type. The issue arises because the code relies on the getimagesize function.

**Recommendations**

For Fecshop FecMall version 2.3.4, consider restricting access to the catalog/productinfo/imageupload endpoint to prevent unauthorized file uploads until a patch is available. As a temporary workaround, disabling the image upload functionality can help minimize the risk of exploitation.