A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-253002 is the identifier assigned to this vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: VulDB
Published: 2024-02-06T23:00:07.845Z
Updated: 2024-08-19T20:11:22.610Z
Reserved: 2024-02-06T08:28:52.861Z
Link: CVE-2024-1263
Vulnrichment
Updated: 2024-08-01T18:33:25.265Z
NVD
Status : Modified
Published: 2024-02-06T23:15:08.460
Modified: 2024-11-21T08:50:11.303
Link: CVE-2024-1263
Redhat
No data.