CVE-2026-2164

Medium CVSS: 6.9

A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some unknown processing of the file /seller/assets/backend/profile/addadhar.php. Performing a manipulation of the argument File results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Vendor

Detronetdip

Product

E-commerce

CWE

CWE-284

Yayın Tarihi

2026-02-08 17:15:58

Güncelleme

2026-02-19 20:24:53

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-284 E-commerce MEDIUM Detronetdip 2026

Referanslar

https://github.com/Nixon-H/PHP-Unrestricted-Upload-RCE https://github.com/detronetdip/E-commerce/ https://github.com/detronetdip/E-commerce/issues/23 https://vuldb.com/?ctiid.344866 https://vuldb.com/?id.344866 https://vuldb.com/?submit.751853

Benzer Kayıtlar

Medium

CVE-2025-15582

A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update…

Medium

CVE-2025-15583

A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file uti…

Medium

CVE-2026-2165

A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/asset…