Unrestricted File Upload Vulnerability in Juanpao JPShop API
CVE-2024-1260
What is CVE-2024-1260?
An unrestricted file upload vulnerability has been identified in the Juanpao JPShop application, in the API's ComboController. It arises from improper handling of the 'pic_url' argument in the actionIndex method, which lets remote attackers upload files without restrictions. The impact is serious: the flaw offers a pathway for unauthorized access to the system, potentially allowing malicious users to execute harmful actions. Organizations using affected versions of JPShop should take immediate steps to secure their systems against possible exploitation.

Affected Version(s)
JPShop 1.5.02
Timeline
Exploit known to exist
Vulnerability published
Vulnerability Reserved
