PT-2023-2087 · Ecshop · Ecshop

Oreoze · Published 2023-03-06 · Updated 2024-05-17 · CVE-2023-1185

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
ECshop versions up to 4.1.8

Description
A vulnerability was found in the New Product Handler component of ECshop, allowing for unrestricted file upload. This can be exploited remotely, potentially allowing an attacker to upload arbitrary files. The exploit has been disclosed publicly.

Recommendations
For ECshop versions up to 4.1.8, update to a version later than 4.1.8 to resolve the issue. As a temporary workaround, consider restricting access to the New Product Handler component to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related identifiers

BDU:2023-01820
CVE-2023-1185

Affected products

Ecshop