PT-2004-3590 · Aspdotnetstorefront · Aspdotnetstorefront

Published: 2004-12-31 · Updated: 2008-09-05 · CVE-2004-2700

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

AspDotNetStorefront version 3.3

Description

The issue allows remote authenticated administrators to upload arbitrary files with executable extensions via the "admin/images.aspx" API endpoint. This could potentially lead to unauthorized execution of malicious code.

Recommendations

For AspDotNetStorefront version 3.3, consider restricting access to the admin/images.aspx endpoint to prevent unauthorized file uploads until a patch is available. Additionally, restrict the types of files that can be uploaded to prevent executable files from being uploaded.
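
One way to implement the file-type restriction recommended above, shown as an added example that is not AspDotNetStorefront code: a C# helper that accepts an upload only when its name is a plain `name.ext` with an allowlisted image extension and its content starts with that format's signature. `ImageUploadPolicy` and `TryGetSafeName` are hypothetical names, and the set of permitted image types is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: allowlist check for an image upload handler (hypothetical helper).
public static class ImageUploadPolicy
{
    // Permitted extensions (an assumption) mapped to the bytes each format must start with.
    private static readonly Dictionary<string, byte[][]> Allowed =
        new Dictionary<string, byte[][]>(StringComparer.OrdinalIgnoreCase)
    {
        { ".jpg",  new[] { new byte[] { 0xFF, 0xD8, 0xFF } } },
        { ".jpeg", new[] { new byte[] { 0xFF, 0xD8, 0xFF } } },
        { ".png",  new[] { new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A } } },
        { ".gif",  new[] { new byte[] { 0x47, 0x49, 0x46, 0x38, 0x37, 0x61 },     // "GIF87a"
                           new byte[] { 0x47, 0x49, 0x46, 0x38, 0x39, 0x61 } } }  // "GIF89a"
    };

    // Returns a server-generated file name when the upload is acceptable, otherwise null.
    public static string TryGetSafeName(string clientFileName, byte[] content)
    {
        if (string.IsNullOrEmpty(clientFileName) || content == null) return null;

        // Accept only "name.ext" built from ASCII letters, digits, '-' and '_':
        // exactly one dot, no path separators, no trailing dot or space.
        string[] parts = clientFileName.Split('.');
        if (parts.Length != 2 || parts[0].Length == 0 || parts[1].Length == 0) return null;
        if (!parts.All(p => p.All(c => (c < 128 && char.IsLetterOrDigit(c)) || c == '-' || c == '_')))
            return null;

        byte[][] signatures;
        if (!Allowed.TryGetValue("." + parts[1], out signatures)) return null;

        // The content must begin with a signature of the declared type.
        bool matches = signatures.Any(sig =>
            content.Length >= sig.Length && content.Take(sig.Length).SequenceEqual(sig));
        if (!matches) return null;

        // Never reuse the client-supplied name on disk.
        return Guid.NewGuid().ToString("N") + "." + parts[1].ToLowerInvariant();
    }

    public static void Main()
    {
        byte[] png = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0x00 }; // constructed sample
        foreach (string name in new[] { "logo.png", "page.aspx", "logo.png.aspx" })
            Console.WriteLine(name + " accepted: " + (TryGetSafeName(name, png) != null));
    }
}
```

A signature match only shows how the file begins, so the upload directory should also be configured so that nothing stored in it is executed as script.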

Fix

Weakness Enumeration

Related Identifiers

CVE-2004-2700

Affected Products

Aspdotnetstorefront