PT-2022-17917 · Unknown · Abantecart

Cyberinsane

·

Published

2022-03-07

·

Updated

2024-03-06

·

CVE-2022-26521

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Abantecart versions prior to 1.3.3

Description

The issue allows a remote, authenticated administrator to execute arbitrary code by uploading an executable file. This is possible because the allowed image file types under Catalog > Media Manager > Images are an administrator-editable setting: an administrator can, for example, add .php as a valid image type and then upload a PHP file through the Media Manager, which the web server executes.

Recommendations

For Abantecart versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue. As a temporary workaround, restrict access to the Media Manager to trusted administrators, keep the list of permitted upload types limited to genuine image formats, and verify that no server-executable extension has been added to that setting.
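The upload check the recommendation calls for, as an added example written for this page rather than code from Abantecart: a language-neutral Python model in which the administrator-configurable image types are honoured only after a hard-coded refusal of server-executable extensions and a magic-byte check of the content. The function names, extension sets and the constructed PNG/PHP sample inputs are assumptions for illustration.

```python
"""Hardened image-upload check modelled on the CVE-2022-26521 pattern.

Added example; not Abantecart code. Names and sample inputs are assumptions.
"""
import re
from dataclasses import dataclass

# Extensions a typical web server may hand to a script interpreter. The set is
# fixed in code on purpose: an administrator-editable allow list must never be
# able to re-enable them, which is exactly the flaw the advisory describes.
SERVER_EXECUTABLE_EXTS = frozenset({
    "php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "pht",
    "phps", "shtml", "shtm", "cgi", "pl", "py", "jsp", "asp", "aspx", "htaccess",
})

# Leading bytes of the image formats the media manager is allowed to store.
IMAGE_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


@dataclass(frozen=True)
class Verdict:
    accepted: bool
    reason: str
    stored_name: str = ""


def check_image_upload(filename, content, allowed_exts):
    """Decide whether an uploaded file may be written to the image directory.

    allowed_exts is the administrator-configured list (the setting the
    advisory describes). It is consulted only after the fixed checks pass,
    and only entries that name a verifiable image format take effect.
    """
    name = filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]  # drop any path
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return Verdict(False, "missing or empty base name/extension")
    # Every dotted component is examined, so 'shell.php.png' is refused too;
    # Apache with mod_mime can treat the inner .php as the handler.
    for comp in parts[1:]:
        if comp in SERVER_EXECUTABLE_EXTS:
            return Verdict(False, f"server-executable extension .{comp}")
    ext = parts[-1]
    # Normalise the admin setting and intersect it with the known image types,
    # so adding 'php' (or anything else non-image) to it has no effect.
    effective = {e.lower().lstrip(".") for e in allowed_exts} & set(IMAGE_SIGNATURES)
    if ext not in effective:
        return Verdict(False, f".{ext} not in effective allow list {sorted(effective)}")
    if not any(content.startswith(sig) for sig in IMAGE_SIGNATURES[ext]):
        return Verdict(False, f"content does not match the .{ext} signature")
    # Store under a sanitised name so the on-disk name is one we generated.
    stem = re.sub(r"[^A-Za-z0-9_-]", "_", parts[0])[:64]
    return Verdict(True, "ok", f"{stem}.{ext}")


# Constructed sample inputs (assumptions): a minimal PNG header and a benign
# PHP proof-of-execution stub standing in for an uploaded script.
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_STUB = b"<?php phpinfo(); ?>"


def demo():
    """Run the check against the misconfiguration the advisory describes."""
    admin_types = ["jpg", "png", "php"]  # administrator added 'php'
    return {
        "png": check_image_upload("logo.png", PNG_STUB, admin_types).accepted,
        "php": check_image_upload("shell.php", PHP_STUB, admin_types).accepted,
        "double": check_image_upload("shell.php.png", PNG_STUB, admin_types).accepted,
        "mismatch": check_image_upload("shell.png", PHP_STUB, admin_types).accepted,
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The content check alone would not close this issue: a well-formed JPEG or PNG can still carry a PHP payload in its trailing bytes, so what prevents execution is the refusal of server-executable extensions, ideally backed by a web-server rule that never runs scripts from the image upload directory.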

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

BIT-ABANTECART-2022-26521
CVE-2022-26521

Affected Products

Abantecart