CVE-2017-17874

Name of the Vulnerable Software and Affected Versions Vanguard Marketplace Digital Products PHP version 1.4

Description The issue allows for arbitrary file upload through actions such as "Add a new product" or "Add a product preview". This can result in a .php file being made accessible under a uploads/ URI, potentially leading to unauthorized code execution.

Recommendations For version 1.4, consider restricting access to the file upload functionality to prevent arbitrary file uploads until a fix is available. As a temporary workaround, restrict access to the uploads/ directory to minimize the risk of exploitation.