PT-2022-18386 · Unknown · Ecommerce-Website

Published

2022-04-08

Updated

2022-04-14

CVE-2022-27346

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ecommece-Website version 1.1.0

Description The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting an arbitrary file upload vulnerability. This is achieved through the "/admin/index.php?slides" API endpoint.

Recommendations For Ecommece-Website version 1.1.0, consider disabling the file upload functionality via the /admin/index.php?slides endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using this endpoint to upload files until the issue is resolved.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-27346

Affected Products

Ecommerce-Website

PT-2022-18386 · Unknown · Ecommerce-Website

CVE-2022-27346

Weakness Enumeration

Related Identifiers

Affected Products

References · 7