Unrestricted File Upload Vulnerability in SourceCodester Complete E-Commerce Site
CVE-2024-2754
Key Information:
- Vendor: Sourcecodester
- CVE Published: 21 March 2024
What is CVE-2024-2754?
A significant security vulnerability exists in SourceCodester Complete E-Commerce Site version 1.0, in the file /admin/users_photo.php. Manipulating the 'photo' parameter results in an unrestricted file upload. An attacker can therefore upload malicious files to the server, which creates a risk of remote code execution and compromises the integrity and confidentiality of the e-commerce platform. Because the exploit has been publicly disclosed, immediate action is recommended to protect affected systems.
Affected Version(s)
Complete E-Commerce Site 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved