CVE-2024-0417

Name of the Vulnerable Software and Affected Versions DeShang DSShop versions up to 2.1.5

Description A critical vulnerability was found in DeShang DSShop, affecting an unknown part of the file application/home/controller/MemberAuth.php. The manipulation of the member info argument leads to path traversal, allowing an attacker to access files outside the intended directory, such as '../filedir'. This attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For DeShang DSShop versions up to 2.1.5, as a temporary workaround, consider restricting access to the MemberAuth.php file or disabling the manipulation of the member info argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.