Unrestricted File Upload Vulnerability in Juanpao JPShop
CVE-2024-1264

9.8 CRITICAL

Key Information:

Vendor

Juanpao

Status
Vendor
CVE Published: 7 February 2024

Badges

👾 Exploit Exists

What is CVE-2024-1264?

Juanpao JPShop prior to version 1.5.02 contains an unrestricted file upload vulnerability in the actionUpdate function located in /api/controllers/common/UploadsController.php. By manipulating the 'imgage' argument, a remote attacker can upload arbitrary files. Successful exploitation may lead to severe compromise of the web application and open further attack vectors. Awareness of the issue and immediate patching are essential to eliminate the threats associated with this vulnerability.

Affected Version(s)

JPShop 1.5.02

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

glzjin (VulDB User)