CVE-2024-0352 Scanner
Detects 'Arbitrary File Upload' vulnerability in Likeshop affects v. up to 2.5.7.20210311.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Domain, Ipv4
Toolbox
-
Likeshop is an e-commerce platform used for building social media stores. It is specifically designed for the popular social media platform, Facebook. Sellers can use Likeshop to list and sell their products on their Facebook pages. This platform is ideal for small businesses, entrepreneurs, and aspiring online merchants who want to establish their presence on social media.
The vulnerability code CVE-2024-0352 was detected in Likeshop up to version 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. A skilled attacker can exploit this vulnerability remotely by manipulating the file argument and gain unrestricted access to upload files. This is a critical vulnerability as it allows an attacker to execute arbitrary code on the server and gain complete control over the system.
Exploiting this vulnerability can lead to severe consequences for the seller, customers, and the business as a whole. An attacker can upload malicious files that can infect the operating system and compromise the entire server. The attacker can easily steal user data, including personal and financial information. This can result in identity theft, fraud, and financial losses. It can also lead to a loss of reputation for the seller and the business, which can be challenging to recover from.
By subscribing to SecurityForEveryone.com Pro services, readers can easily and quickly learn about vulnerabilities in their digital assets. The platform offers advanced features to detect, prevent and respond to cyber threats. The platform can scan for vulnerabilities, provide real-time alerts, and offer actionable insights to mitigate risks. Businesses can protect their digital assets with personalized protection plans tailored to their specific needs. The SecurityForEveryone.com platform is a reliable and effective solution for businesses of all sizes to protect their digital assets from potential cyber threats.
REFERENCES
control security posture