4 matches found
CVE-2025-58048
Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction from the database, credentials being read...
CVE-2025-58048 Paymenter Vulnerable to Remote Code Execution via Public File Uploads
Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction from the database, credentials being read...
CVE-2025-58048
CVE-2025-58048 affects Paymenter before version 1.2.11. The ticket attachments feature lets an authenticated user upload arbitrary files, enabling sensitive data extraction, credentials read from configuration files, and arbitrary commands executed under the web server user. A fix was released in...
Paymenter 代码问题漏洞
Paymenter is an online store hosting software from Paymenter open source. A code issue vulnerability exists in Paymenter versions prior to 1.2.11, which stems from the ticket attachment feature that allows the upload of arbitrary files, which could lead to sensitive data disclosure or system...