'; } else{ echo ''; } echo '
|
|
|||
| Rule General Information |
|---|
| Release Date: | 2026-06-16 | |
| Rule Name: | Likeshop Arbitrary File Upload Vulnerability (CVE-2024-0352) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| Impact: | When the file operation function in the application that does not filter the file path effectively, an attacker can import the path of a file which contains malicious code, causing a file inclusion vulnerability and executing malicious code. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | CVE-2024-0352 |
|
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |