CVE-2020-28140

CRITICAL

SourceCodester Online Clothing Store 1.0 - Arbitrary File Upload via Products.php Image Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-28140. PoCs published by Sushant Kamble.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file upload vulnerability in Online Clothing Store 1.0, allowing an attacker to upload a malicious PHP file and execute system commands via a shell. The vulnerability is exploited through the Products.php page by uploading a PHP shell disguised as an image.

Description

SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.

Exploits (1)

exploitdb · Working PoC
by Sushant Kamble · text · webapps · php
https://www.exploit-db.com/exploits/48438

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Online Clothing Store 1.0
No auth needed
Prerequisites: Access to the Products.php page · Ability to upload files
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/48438

Scores

CVSS v3 9.8
EPSS 0.0184
EPSS Percentile 76.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-434
Status: published
Products (1)
online_clothing_store_project/online_clothing_store 1.0
Published Nov 17, 2020
Tracked Since Feb 18, 2026