PT-2004-3590 · Aspdotnetstorefront · Aspdotnetstorefront

Published: 2004-12-31 · Updated: 2008-09-05 · CVE-2004-2700

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

AspDotNetStorefront version 3.3

Description

The issue allows remote authenticated administrators to upload arbitrary files with executable extensions via the "admin/images.aspx" API endpoint. This could potentially lead to unauthorized execution of malicious code.

Recommendations

For AspDotNetStorefront version 3.3, consider restricting access to the admin/images.aspx endpoint to prevent unauthorized file uploads until a patch is available. Additionally, restrict the types of files that can be uploaded to prevent executable files from being uploaded.

Related Identifiers

CVE-2004-2700

Affected Products

Aspdotnetstorefront