Unrestricted Upload Vulnerability in JPShop API
CVE-2024-1263

9.8CRITICAL

Key Information:

Vendor

Juanpao

Status
JPShop
Vendor
CVE Published:
6 February 2024

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2024-1263?

A vulnerability in the Juanpao JPShop application exposes the API functionality to potential exploitation due to improper handling of the pic_url parameter in the PosterController.php file. This allows malicious users to upload unauthorized files remotely, potentially leading to further attacks on the system. The flaw exists in the actionUpdate function of the API, making it imperative for users and administrators to apply necessary updates or patches to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

JPShop 1.5.02

References

https://vuldb.com/?id.253002
vdb-entrytechnical-description
https://vuldb.com/?ctiid.253002
signaturepermissions-required
https://note.zhaoj.in/share/Lkrp36sa1EHO
broken-linkexploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

glzjin (VulDB User)
JSON
.