PT-2022-20110 · Unknown · Merchandise Online Store

Ffyyy6X0Y1

Published

2022-05-27

Updated

2022-06-10

CVE-2022-30423

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Merchandise Online Store version 1.0

Description The issue is related to an arbitrary code execution in the user profile upload point within the system information.

Recommendations For Merchandise Online Store version 1.0, consider disabling the user profile upload feature until a patch is available to prevent potential exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-30423

Affected Products

Merchandise Online Store

PT-2022-20110 · Unknown · Merchandise Online Store

CVE-2022-30423

Weakness Enumeration

Related Identifiers

Affected Products

References · 3