PT-2022-18446 · Unknown · Newbee-Mall

Afeng2016-So

Published

2022-04-10

Updated

2022-04-15

CVE-2022-27477

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Newbee-Mall version 1.0.0

Description The issue allows for arbitrary file upload via the Upload function at the "/admin/goods/edit" API endpoint.

Recommendations For Newbee-Mall version 1.0.0, consider disabling the Upload function at the "/admin/goods/edit" endpoint until a patch is available to prevent exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-27477

Affected Products

Newbee-Mall

PT-2022-18446 · Unknown · Newbee-Mall

CVE-2022-27477

Weakness Enumeration

Related Identifiers

Affected Products

References · 3