PT-2023-29085 · Unknown · Simple/Nice Shopping Cart Script

Soundarxploit

Publicado

2023-10-06

Atualizado

2023-10-10

CVE-2023-44061

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Simple and Nice Shopping Cart Script version 1.0

Description The issue allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. This is a result of a File Upload vulnerability.

Recommendations For Simple and Nice Shopping Cart Script version 1.0, consider disabling the upload function in the edit profile component until a patch is available. Restrict access to the edit profile component to minimize the risk of exploitation. Avoid using the upload function in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2023-44061

Produtos afetados

Simple/Nice Shopping Cart Script

PT-2023-29085 · Unknown · Simple/Nice Shopping Cart Script

CVE-2023-44061

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6