漏洞标题
EcShop PHP 文件模板.php 无限制的上传
漏洞描述信息
EcShop PHP文件template.php无限制上传漏洞
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
EcShop PHP File template.php unrestricted upload
漏洞描述信息
A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220641 was assigned to this vulnerability.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
漏洞类别
危险类型文件的不加限制上传
漏洞标题
ECShop 代码问题漏洞
漏洞描述信息
ShopeX ECShop是中国商派(ShopeX)公司的一个开源商城系统。支持PC+H5+APP+小程序商城,源码免费下载体验,适合企业开发搭建商城。 EcShop 4.1.5版本存在代码问题漏洞,该漏洞源于对/ecshop/admin/template.php文件的错误操作导致文件不受限制的上传。
CVSS信息
N/A
漏洞类别
代码问题