PT-2024-20245 · Likeshop · Likeshop

Published: 2024-02-29 · Updated: 2025-06-17 · CVE-2024-24028

CVSS v3.1: 5.9 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Likeshop versions prior to 2.5.7

Description: The issue allows attackers to view sensitive information. It is related to a Server-Side Request Forgery (SSRF) vulnerability, which can be exploited via the avatar parameter in the UserLogic::updateWechatInfo() function.

Recommendations: For versions prior to 2.5.7, update to version 2.5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the UserLogic::updateWechatInfo() function or the avatar parameter to minimize the risk of exploitation.
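The workaround above amounts to not letting an attacker-controlled avatar URL drive a server-side fetch. The following is an added illustration of that control, not code from Likeshop or from this advisory: a standalone PHP validator that accepts an avatar URL only if it uses https, points at an allow-listed host, and resolves to a public address. The function name, the allow-list contents and the sample URLs are assumptions made for the example; the actual Likeshop fix in 2.5.7 is not shown here.

```php
<?php
// Added example (not Likeshop code): validate an externally supplied avatar
// URL before the server fetches it, so the fetch cannot be redirected at
// internal services. Hosts in $allowedHosts are hypothetical placeholders.

function isPublicIp(string $ip): bool
{
    // Reject loopback, link-local, RFC1918 and reserved ranges.
    return filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) !== false;
}

function validateAvatarUrl(string $url, array $allowedHosts): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;                       // unparsable or relative URL
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return false;                       // only https, never file:, gopher:, etc.
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;                       // "user@host" tricks against parsers
    }
    if (isset($parts['port']) && $parts['port'] !== 443) {
        return false;                       // no reaching for odd internal ports
    }

    $host = strtolower($parts['host']);
    if (!in_array($host, $allowedHosts, true)) {
        return false;                       // not one of the expected CDN hosts
    }

    // Even an allow-listed name should resolve to a public address; a stale
    // or hijacked record pointing at 127.0.0.1 or 169.254.169.254 is rejected.
    $ip = gethostbyname($host);
    if ($ip === $host || !isPublicIp($ip)) {
        return false;
    }
    return true;
}

// Constructed sample inputs for demonstration.
$allowedHosts = ['thirdwx.qlogo.cn', 'wx.qlogo.cn'];   // assumed avatar CDN hosts

$samples = [
    'https://thirdwx.qlogo.cn/mmopen/abc/0'   => 'expected accept',
    'http://thirdwx.qlogo.cn/mmopen/abc/0'    => 'reject: plain http',
    'https://127.0.0.1/admin'                 => 'reject: host not allow-listed',
    'https://thirdwx.qlogo.cn:8080/x'         => 'reject: non-standard port',
    'file:///etc/passwd'                      => 'reject: scheme',
];

foreach ($samples as $url => $note) {
    $ok = validateAvatarUrl($url, $allowedHosts) ? 'ACCEPT' : 'REJECT';
    echo str_pad($ok, 7), $url, "  (", $note, ")\n";
}
```

Two caveats a practitioner would want: the DNS check here is only as good as the resolution the later HTTP client performs (pin the resolved address or resolve once and connect by IP to avoid rebinding between check and use), and the HTTP client must be configured not to follow redirects, since a redirect from an allow-listed host would otherwise reintroduce the problem.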

Fix: SSRF

Weakness Enumeration: SSRF

Related Identifiers: CVE-2024-24028

Affected Products: Likeshop