2 matches found
CVE-2022-27435
An unrestricted file upload at /public/admin/index.php?addproduct of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component...
CVE-2022-27435
The vulnerability CVE-2022-27435 affects Ecommerce-Website v1.1.0, where an unrestricted file upload in the Product Image component at /public/admin/index.php?add_product enables attackers to upload a webshell. The core issue is lack of file upload restrictions in the admin add_product endpoint, ...