Oreoze

#14335 of 53,622
18.8 Total CVSS
Vulnerabilities · 2
High: 2
PT-2023-16806
8.8
2023-03-06
Ecshop · Ecshop · CVE-2023-1184
**Name of the Vulnerable Software and Affected Versions**
ECshop versions up to 4.1.8

**Description**
A problematic issue has been found in the Backup Database Handler component of the file admin/database.php, leading to unrestricted upload. The attack can be launched remotely. The issue affects some unknown functionality of this component.

**Recommendations**
For versions up to 4.1.8, update to a version later than 4.1.8 to resolve the issue. As a temporary workaround, consider restricting access to the admin/database.php file to minimize the risk of exploitation. Avoid using the Backup Database Handler component until the issue is resolved.

PT-2023-2087
10
2023-03-06
Ecshop · Ecshop · CVE-2023-1185
**Name of the Vulnerable Software and Affected Versions**
ECshop versions up to 4.1.8

**Description**
A vulnerability was found in the New Product Handler component of ECshop, allowing for unrestricted file upload. This can be exploited remotely, potentially allowing an attacker to upload arbitrary files. The exploit has been disclosed publicly.

**Recommendations**
For ECshop versions up to 4.1.8, update to a version later than 4.1.8 to resolve the issue. As a temporary workaround, consider restricting access to the New Product Handler component to minimize the risk of exploitation.