PT-2026-4823 · Unknown · Ijason-Liu Books Manager

Y1Fan

Publicado

2026-01-26

Atualizado

2026-01-26

CVE-2026-1445

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions iJason-Liu Books Manager versions prior to 298ba736387ca37810466349af13a0fdf828e99c

Description A flaw exists in iJason-Liu Books Manager that allows for unrestricted file uploads. This issue is related to the manipulation of the book cover argument within the file controllers/books center/upload bookCover.php. The attack can be initiated remotely. The exploit has been publicly released.

Recommendations Versions prior to 298ba736387ca37810466349af13a0fdf828e99c should be updated. As a temporary workaround, restrict access to the file controllers/books center/upload bookCover.php until a patch is available. Avoid uploading files through the book cover parameter until the issue is resolved.

Exploit

Correção

Unrestricted File Upload

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434CWE-284

Identificadores relacionados

CVE-2026-1445

Produtos afetados

Ijason-Liu Books Manager

PT-2026-4823 · Unknown · Ijason-Liu Books Manager

CVE-2026-1445

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6