WEB APPLICATION VULNERABILITIES Standard & Premium

AbanteCart Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26521)

Description

Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type).

Remediation

References

Related Vulnerabilities

PHP NULL Pointer Dereference Vulnerability (CVE-2020-7062)

MySQL CVE-2017-3265 Vulnerability (CVE-2017-3265)

WordPress Plugin SEO Plugin LiveOptim Multiple Vulnerabilities (1.1.8-free)

WordPress Plugin Multilanguage by BestWebSoft Cross-Site Scripting (1.2.1)

WordPress Plugin Taxonomy Converter Unspecified Vulnerability (1.1)

Severity

High

Classification

CVE-2022-26521 CWE-434 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities