Shuning Yue

**Name of the Vulnerable Software and Affected Versions** SourceCodester Complete E-Commerce Site version 1.0 **Description** A critical vulnerability has been found in the SourceCodester Complete E-Commerce Site, affecting an unknown function of the file /admin/users photo.php. The manipulation of the `photo` argument leads to unrestricted upload. It is possible to launch the attack remotely. **Recommendations** For version 1.0, disable the function in the /admin/users photo.php file to mitigate the issue and apply patches as soon as possible. Verify all recent uploads for malicious content. Restrict access to the vulnerable function until a patch is available.