Full-Ecommece-Website 代码问题漏洞

Full-Ecommece-Website is an e-commerce system MES project by Ashley Muzuro, an individual developer in China. A code issue vulnerability exists in Full-Ecommece-Website version 1.1.0 and earlier, which stems from an unrestricted upload function in the file /admin/index.php?addproduct, which could...

CVE-2022-27346

Affected software : Ecommece-Website v1.1.0 (PHP/MySQL admin panel). Vulnerability : Arbitrary file upload via /admin/index.php?slides, enabling execution of crafted PHP files. Root cause / details : Multiple sources (NVD/Red Hat CNVD/CVE listings) describe an unrestricted file upload path in the...