PT-2018-11226 · Node.Js · Shopnx
L0Rd
·
Publicado
2018-06-19
·
Atualizado
2018-08-13
·
CVE-2018-12519
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ShopNx versions through 2017-11-17
Description
The issue allows a remote attacker to upload malicious files to a Node.js application. An attacker can upload a malicious HTML file containing a JavaScript payload to steal a user's credentials.
Recommendations
For versions through 2017-11-17, consider restricting file upload capabilities to prevent malicious file uploads until a fix is available. As a temporary workaround, restrict access to file upload functionality to minimize the risk of exploitation.
Exploit
Correção
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Shopnx