PT-2023-27335 · Unknown · Welcart E-Commerce
Akihiro Hashimoto · Published 2023-09-26 · Updated 2023-09-27
CVE-2023-40219
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Welcart e-Commerce versions 2.7 to 2.8.21
Description
The issue allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory.
Recommendations
For Welcart e-Commerce versions 2.7 to 2.8.21, consider restricting file upload privileges to authorized users and directories until a patch is available.
As a temporary workaround, consider disabling file upload functionality for users with editor or higher privilege until the issue is resolved.
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Welcart E-Commerce