Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
AbanteCart Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2022-26521 - Vulnerability Database
AbanteCart

AbanteCart Unrestricted Upload of File with Dangerous Type Vulnerability - CVE-2022-26521

High
Reference: CVE-2022-26521
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-26521
Title: AbanteCart Unrestricted Upload of File with Dangerous Type Vulnerability
Overview:

Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file because the CataloggtMedia ManagergtImages settings can be changed by an administrator (e.g. by configuring .php to be a valid image file type).