nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nopcommerce nopcommerce 4.20 |