CVE-2024-4923: Codezips E-Commerce Site addproduct.php unrestricted upload
First published: Thu May 16 2024(Updated: )
A vulnerability has been found in Codezips E-Commerce Site 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/addproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264460.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Codezips E-Commerce Site | ||
| Codezips E-Commerce Site | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-4923?
CVE-2024-4923 is classified as a critical vulnerability.
How do I fix CVE-2024-4923?
To fix CVE-2024-4923, update to a patched version of Codezips E-Commerce Site that addresses the unrestricted upload issue.
What is affected by CVE-2024-4923?
CVE-2024-4923 affects Codezips E-Commerce Site version 1.0, specifically the file admin/addproduct.php.
Can CVE-2024-4923 be exploited remotely?
Yes, CVE-2024-4923 can be exploited remotely due to the unrestricted file upload vulnerability.
What is the cause of CVE-2024-4923?
CVE-2024-4923 is caused by improper validation of the profilepic argument in the admin/addproduct.php file.
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/severity
- agent/last-modified-date
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/codezips
- canonical/codezips e-commerce site
- version/codezips e-commerce site/1.0