eShop 漏洞列表

共找到 3 个与 eShop 相关的漏洞

📅 加载漏洞趋势中...

CVE-2024-0352: Likeshop userFormImage 文件上传漏洞 POC

日期: 2025-09-01 | 影响软件: Likeshop

Likeshop up to 2.5.7.20210311 存在一处安全漏洞，被分类为严重级别。该漏洞影响 HTTP POST 请求处理组件的 file server/application/api/controller/File.php 的函数 FileServer::userFormImage。攻击者可以通过对参数 file 的篡改来实现未受限的文件上传。攻击可以远程发起，且已经公开披露并可能被利用。该漏洞的标识符为 VDB-250120。 Fofa: icon_hash="874152924"
CVE-2022-35493: eShop 3.0.4 - Cross-Site Scripting POC

日期: 2025-08-01 | 影响软件: eShop

eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in.
CVE-2024-0352: Likeshop < 2.5.7.20210311 - Arbitrary File Upload POC

日期: 2025-08-01 | 影响软件: Likeshop

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434