Unrestricted File Upload Vulnerability in Juanpao JPShop
CVE-2024-1261

6.3MEDIUM

Key Information:

Vendor

Juanpao

Status
Jpshop
Vendor
CVE Published:
6 February 2024

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2024-1261?

A vulnerability has been identified in Juanpao's JPShop, specifically in the API component. The issue lies within the actionIndex function of the ComboController.php file, where manipulation of the argument 'pic_url' allows for unrestricted file uploads. This security flaw can be exploited remotely, posing significant risks to affected systems. Attackers may leverage this vulnerability to upload files without appropriate restrictions, potentially leading to further exploitation or unauthorized access. The vulnerability is publicly known, making it imperative for users to secure their installations promptly.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

JPShop 1.5.02

References

https://vuldb.com/?id.253000
vdb-entrytechnical-description
https://vuldb.com/?ctiid.253000
signaturepermissions-required
https://note.zhaoj.in/share/v2JpHJngvw7E
broken-linkexploit

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

glzjin (VulDB User)
JSON
.