PT-2022-18391 · Unknown · Ecommerce-Website

Published 2022-04-08 · Updated 2022-04-14 · CVE-2022-27357

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Ecommerce-Website version v1

Description: Ecommerce-Website version v1 has an arbitrary file upload vulnerability in the "/customer register.php" API endpoint. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

Recommendations: For Ecommerce-Website version v1, consider disabling the file upload functionality in the "/customer register.php" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using this endpoint for file uploads until the issue is resolved.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-27357

Affected Products

Ecommerce-Website