PT-2024-34375 · Yshopmall · Yshopmall

Published 2024-11-15 · Updated 2024-12-03 · CVE-2024-50648

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: yshopmall version V1.0
Description: yshopmall V1.0 contains an arbitrary file upload vulnerability: the upload functionality does not adequately restrict the type or the destination of uploaded files. When the server is configured to parse JSP files from the location where uploads are stored, an unauthenticated attacker can upload a JSP file and obtain remote code execution (RCE), up to full server takeover.
Recommendations: At the moment there is no information about a newer version of yshopmall that fixes this vulnerability. Until a patch is available, disable the file upload feature in V1.0 to prevent exploitation, and restrict network access to the server to reduce the risk of takeover. Ensure the web server or servlet container does not parse or execute JSP files from the directory that uploaded files are written to; storing uploads outside the web root and serving that directory as static content only removes the condition the attack depends on.
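The following Java snippet is an added example of the kind of filename check a fix for an upload vulnerability of this class needs; it is not yshopmall's code and does not describe the project's actual upload handler. The class name `SafeUpload`, the method `resolveSafeTarget`, the storage root `/var/lib/yshop/uploads` and the image extension allowlist are assumptions for illustration. It rejects traversal sequences and separators (the "Path traversal" weakness listed on this page), allows only a short list of extensions checked on the last dot, never reuses the client-supplied base name on disk, and confirms the final path stays under a storage root outside the web root, so a misconfigured container has nothing to compile as JSP.

```java
// Added example, not yshopmall code. Class name, storage root and allowlist are assumed.
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

public final class SafeUpload {

    // Extensions a shop legitimately needs for product images (assumed allowlist).
    private static final Set<String> ALLOWED_EXT = Set.of("jpg", "jpeg", "png", "gif", "webp");

    // Storage root outside the servlet container's web root (assumed path), so even a
    // container configured to compile JSPs never sees uploaded files as web content.
    private static final Path UPLOAD_ROOT =
            Paths.get("/var/lib/yshop/uploads").toAbsolutePath().normalize();

    /**
     * Returns the absolute path an upload may be written to, or throws if the
     * client-supplied filename is unsafe. The client name is used only to derive
     * the extension; the stored name is random.
     */
    public static Path resolveSafeTarget(String clientFilename) {
        if (clientFilename == null || clientFilename.isBlank()) {
            throw new IllegalArgumentException("empty filename");
        }
        // Reject traversal and separator characters outright instead of trying to clean them,
        // and reject embedded NULs, which some stacks use to truncate the name.
        if (clientFilename.contains("..") || clientFilename.contains("/")
                || clientFilename.contains("\\") || clientFilename.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("path characters not allowed in filename");
        }
        // Take the extension after the LAST dot: "shell.png.jsp" must be treated as .jsp,
        // and a check like endsWith(".png") would wrongly accept "shell.jsp.png" semantics.
        int dot = clientFilename.lastIndexOf('.');
        if (dot <= 0 || dot == clientFilename.length() - 1) {
            throw new IllegalArgumentException("filename must have an extension");
        }
        String ext = clientFilename.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new IllegalArgumentException("extension not allowed: " + ext);
        }
        // Never keep the client's base name on disk; keep only the vetted extension.
        String stored = UUID.randomUUID() + "." + ext;
        Path target = UPLOAD_ROOT.resolve(stored).normalize();
        // Defence in depth: the resolved path must still lie under the upload root.
        if (!target.startsWith(UPLOAD_ROOT)) {
            throw new IllegalStateException("resolved path escaped upload root");
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample filenames: one benign, the rest shaped like upload/traversal attempts.
        String[] samples = {
            "photo.PNG",
            "shell.jsp",
            "shell.png.jsp",
            "../../webapps/ROOT/x.png",
            "a.jsp\0.png"
        };
        for (String s : samples) {
            try {
                System.out.println(s.replace("\0", "\\0") + " -> " + resolveSafeTarget(s));
            } catch (RuntimeException e) {
                System.out.println(s.replace("\0", "\\0") + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Running `main` accepts only `photo.PNG` (stored under the upload root with a random name and a `.png` extension) and rejects the other four, each with the reason. The check is deliberately an allowlist: a denylist of `.jsp` would miss `.jspx`, `.jsw` and similar mappings a container may also compile, which is why the extension list names what is allowed rather than what is forbidden.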

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-50648

Affected Products

Yshopmall