Name of the Vulnerable Software and Affected Versions:
Paymenter versions prior to 1.2.11
Description:
Paymenter is a free and open-source webshop solution for hosting providers. The ticket attachment functionality allows a malicious authenticated user to upload arbitrary files, which the web server may then execute instead of serving as plain downloads. This could result in sensitive data being extracted from the database, credentials being read from configuration files, and arbitrary system commands being run in the context of the web server user.
Recommendations:
Upgrade to version 1.2.11 or later.
Update the nginx configuration so that attachments are served as downloads instead of being executed.
Disallow access to `/storage/` using a WAF such as Cloudflare.
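The following nginx `location` block implements the two server-side recommendations above (serve attachments as inert downloads, never hand them to PHP). It is an added example, not Paymenter's own configuration; it assumes the usual Laravel layout where public uploads are exposed under `/storage/` and that PHP is otherwise dispatched by a server-level `location ~ \.php$` block.

```nginx
# Hardened handling of ticket attachments under /storage/ (example, not shipped with Paymenter).
# Place inside the existing server { } block, alongside the normal Laravel "location ~ \.php$".
location ^~ /storage/ {
    # "^~" makes this prefix match win over the server-level regex location for .php,
    # so /storage/evil.php is never routed to PHP-FPM by that rule.

    # Belt and braces: explicitly refuse any script-like extension under /storage/.
    location ~* \.(php|phtml|phar)$ {
        return 403;
    }

    # Clear the MIME map and serve everything as an opaque binary stream, then force a
    # download: an attachment that parses as HTML or SVG is not rendered in the browser
    # under the application's origin. (add_header in a location replaces headers
    # inherited from the server level; re-add any you rely on here.)
    types { }
    default_type application/octet-stream;
    add_header Content-Disposition "attachment";
    add_header X-Content-Type-Options "nosniff";

    # Serve the file if it exists, otherwise 404; never fall through to index.php.
    try_files $uri =404;
}
```

After reloading, a request for `/storage/<anything>.php` must return 403 and a request for an existing attachment must arrive with `Content-Disposition: attachment`; if either check fails, another location block is still taking precedence.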