CVE-2017-15285
X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 are vulnerable to Remote Code Execution due to improper validation of uploaded file extensions before saving locally. The issue can be exploited by anyone with Vendor access or higher by uploading an image file in a product catalog attachment, then uplo...