PT-2023-29085 · Unknown · Simple/Nice Shopping Cart Script
Soundarxploit
·
Published
2023-10-06
·
Updated
2023-10-10
·
CVE-2023-44061
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Simple and Nice Shopping Cart Script version 1.0
Description
The issue allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. This is a result of a File Upload vulnerability.
Recommendations
For Simple and Nice Shopping Cart Script version 1.0, consider disabling the upload function in the edit profile component until a patch is available. Restrict access to the edit profile component to minimize the risk of exploitation. Avoid using the upload function in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simple/Nice Shopping Cart Script