Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-37346

Published: 27/09/2022 Updated: 30/09/2022
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Ec-cube

Vulnerability Summary

EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated malicious user to upload arbitrary files other than image files. If a user with an administrative privilege of EC-CUBE where the vulnerable plugin is installed is led to upload a specially crafted file, an arbitrary script may be executed on the system.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ec-cube product image bulk upload 4.1.0

ec-cube product image bulk upload 1.0.0

References

CWE-434https://www.ec-cube.net/info/weakness/20220909/product_images_uploader.phphttps://jvn.jp/en/jp/JVN30900552/index.htmlhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991CVE-2024-32674path traversalCVE-2023-21987denial of servicedosCVE-2024-4647CVE-2024-25519CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook