CVE-2021-47933

Name of the Vulnerable Software and Affected Versions MStore API version 2.0.6

Description An arbitrary file upload flaw allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API. Specifically, attackers can upload PHP files with arbitrary names to the 'config file' endpoint to achieve remote code execution on the server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.