CVE-2017-17874

HIGH

Vanguard Marketplace Digital Products PHP 1.4 - Unauthenticated Arbitrary File Upload via Product Addition

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-17874. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in Vanguard Marketplace Digital Products PHP 1.4. The vulnerability arises from insufficient file upload restrictions, allowing attackers to upload malicious PHP files to the server.

Description

Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.

Exploits (1)

exploitdb WORKING POC

by Ihsan Sencan · textwebappsphp

https://www.exploit-db.com/exploits/43315

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in Vanguard Marketplace Digital Products PHP 1.4. The vulnerability arises from insufficient file upload restrictions, allowing attackers to upload malicious PHP files to the server.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Vanguard Marketplace Digital Products PHP 1.4

Auth required

Prerequisites: Access to the product upload functionality · Valid user credentials

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/43315/

Scores

CVSS v3 8.8

EPSS 0.0603

EPSS Percentile 92.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

vanguard_project/marketplace_digital_products_php 1.4.0

Published Dec 27, 2017

Tracked Since Feb 18, 2026