CVE-2024-0352

HIGH EXPLOITED NUCLEI

Likeshop < 2.5.7.20210311 - Unrestricted File Upload

Title source: rule

Description

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250120.

Exploits (1)

nomisec SCANNER

by Cappricio-Securities · remote

https://github.com/Cappricio-Securities/CVE-2024-0352

View Code ZIP pw:eip

Nuclei Templates (1)

Likeshop < 2.5.7.20210311 - Arbitrary File Upload

CRITICALVERIFIEDby CookieHanHoan,babybash,samuelsamuelsamuel

Shodan: http.favicon.hash:874152924

FOFA: icon_hash=874152924

References (3)

[Broken Link] https://note.zhaoj.in/share/ciwYj7QXC4sZ

[Permissions Required, Third Party Advisory] https://vuldb.com/?ctiid.250120

[Third Party Advisory] https://vuldb.com/?id.250120

Scores

CVSS v3 7.3

EPSS 0.9189

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

VulnCheck KEV 2024-01-22

CWE

CWE-434

Status published

Products (1)

likeshop/likeshop < 2.5.7.20210311

Published Jan 09, 2024

Tracked Since Feb 18, 2026