A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-253002 is the identifier assigned to this vulnerability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-02-06T23:00:07.845Z

Updated: 2024-08-19T20:11:22.610Z

Reserved: 2024-02-06T08:28:52.861Z

Link: CVE-2024-1263

cve-icon Vulnrichment

Updated: 2024-08-01T18:33:25.265Z

cve-icon NVD

Status : Modified

Published: 2024-02-06T23:15:08.460

Modified: 2024-11-21T08:50:11.303

Link: CVE-2024-1263

cve-icon Redhat

No data.