CVE-2024-13210

Medium CVSS: 5.1

A vulnerability was found in donglight bookstore电商书城系统说明 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstore/web/controller/admin/AdminBookController. java. The manipulation of the argument pictureFile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor

Donglight

Product

Bookstore

CWE

CWE-284

Yayın Tarihi

2025-01-09 04:15:11

Güncelleme

2025-08-22 21:39:07

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-284 Bookstore MEDIUM Donglight 2025

Referanslar

https://github.com/donglight/bookstore/issues/10 https://github.com/donglight/bookstore/issues/10#issue-2760923048 https://vuldb.com/?ctiid.290815 https://vuldb.com/?id.290815 https://vuldb.com/?submit.469686

Benzer Kayıtlar

Medium

CVE-2024-13195

A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been classified as critical. This affects the fun…

Medium

CVE-2024-13196

A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been declared as problematic. This vulnerability…

Medium

CVE-2024-13197

A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been rated as problematic. This issue affects the…