CVE-2024-1264 Juanpao JPShop UploadsController.php actionUpdate unrestricted upload
A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument imgage leads to unrestricted upload. The attack can be...
CVE-2024-1259 Juanpao JPShop API AppController.php unrestricted upload
A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument apppicurl leads to unrestricted upload. The...
CVE-2024-1258 Juanpao JPShop API params.php hard-coded key
A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWTKEYADMIN leads to use of hard-coded cryptographic k...
JPShop Security Vulnerability
JPShop is an open source community group-buying micro-mall applet. A security vulnerability exists in Juanpao JPShop version 1.5.02 and earlier, stemming from incorrect handling of the parameter picurl, which can lead to unrestricted uploads...