fancyecommerce/fecshop allows unrestricted file upload. Lack of validation of file uploads in services/Image.php
allows an authenticated attacker to upload a file containing malicious PHP
codes and perform remote code execution by browsing to the uploaded file.
CPE | Name | Operator | Version |
---|---|---|---|
fancyecommerce/fecshop | le | 2.3.4 |