Description
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs in FileUploader.aspx by using empty w and h parameters. This file may contain arbitrary aspx code that may be executed by accessing /Jec/ProductImages/<number>/<filename>. Accessing the file once uploaded does not require authentication.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
http://cyber-crime.ru/cve/CVE-2018-17058.html
Scores
CVSS v3
8.8
EPSS
0.0021
EPSS Percentile
42.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
jaba/jaba_xpress
< 2018-09-14
Published
Mar 02, 2020
Tracked Since
Feb 18, 2026