CVE-2023-2712

Name of the Vulnerable Software and Affected Versions Rental Module versions prior to 23.05.15

Description The issue allows Command Injection and enables attackers to upload malicious files, including web shells, to a web server. This is due to an Unrestricted Upload of File with Dangerous Type vulnerability in the Rental Module developed by a third-party for Ideasoft's E-commerce Platform.

Recommendations For versions prior to 23.05.15, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting file uploads to only necessary and safe file types to minimize the risk of exploitation. Additionally, monitor server access and file uploads closely to detect any potential malicious activity.