Remote Unrestricted Upload Vulnerability found in Codezips Online Shopping Portal 1.0
CVE-2024-9038

9.8CRITICAL

Key Information:

Vendor: Codezips
Status: Online Shopping Portal
Vendor: CVE Published:; 20 September 2024

What is CVE-2024-9038?

A security flaw has been identified in the Codezips Online Shopping Portal version 1.0, specifically involving an insecure functionality within the insert-product.php file. The vulnerability arises from improper handling of the arguments productimage1, productimage2, and productimage3, which permits an attacker to upload files without restrictions. This weakness can be exploited remotely, allowing unauthorized users to upload potentially malicious files to the server, heightening the risk of further attacks. The exploit details have been made public, prompting stakeholders to take immediate action.

References

https://vuldb.com/?id.278209

https://vuldb.com/?ctiid.278209

https://vuldb.com/?submit.411466

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 20, 2024