8 matches found
CVE-2026-42879
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...
EUVD-2022-5538
Malicious code in bioql PyPI...
EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files
Overview EC-CUBE plugin "Product Image Bulk Upload Plugin", a plugin that enables to upload image files, provided by EC-CUBE CO.,LTD. contains an insufficient verification vulnerability when uploading files CWE-20. Exploiting this vulnerability allows a remote unauthenticated attacker to upload...
Information disclosure
Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are vulnerable to an Information Disclosure vulnerability when uploading a modified png file to a product image. Successful exploitation could lead to the disclosure of document root path by an unauthenticated...
Remote code execution
KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image...
Two File Upload Vulnerabilities Exist in Website Builder Star Backend
Ltd., is a cloud computing-based Internet application service provider. There are file upload vulnerabilities in the background of sitestar 1 banner scroll bar edit-select single image upload and 2 product management in the background-edit more image upload. Allow attackers to upload webshell and...
Shopify: SVG Server Side Request Forgery (SSRF)
I found an issue which seems to be regression of the following issue: https://hackerone.com/reports/97501 . It seems your input validaton is not sufficient and the file is getting processed before your implemented check for valid file types. When adding a new product in the store, images for the...
Valentina Cookie Handling Privilege Escalation
Cyber-Warrior & Security TIM - Bug Researchers Group Application Name : Valentina Vulnerable Type : Cookie Handling Vulnerebility Infection : SQL Info GET... Author : Septemb0x Script Down.& WebSite : http://s2.dosya.tc/valentina.zip.html - http://www.valya.ru Cyber-Warrior & Security TIM - Bug...