Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs in FileUploader.aspx by using empty w and h parameters. This file may contain arbitrary aspx code that may be executed by accessing /Jec/ProductImages/<number>/<filename>. Accessing the file once uploaded does not require authentication.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
JABA XPress Online Shop ProductEdit.aspx 代码问题漏洞
Vulnerability Description
JABA XPress Online Shop是澳大利亚JABA团队的一套在线电子商店系统。 JABA XPress Online Shop 2018-09-14及之前版本中的ProductEdit.aspx页面的图片上传功能存在代码问题漏洞。攻击者可通过使用空的‘w’和‘h’参数利用该漏洞绕过前端文件名的验证并上传任意文件。
CVSS Information
N/A
Vulnerability Type
N/A