EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/images endpoint. The endpoint is accessible without authentication by default, and server-side validation of uploaded files is insufficient. This can be abused to upload arbitrary content (including non-image files) which could impersonate user/admin login panels (exfiltrating credentials) and to perform a denial-of-service attack by exhausting disk space.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NEvershop
APPEvershop2.0.1
Related vulnerabilities
EverShop: token resetowania hasła ujawniany w odpowiedzi API
Second-order SQL injection w EverShop podczas obsługi kategorii
Hardkodowany sekret HMAC w @evershop/evershop umożliwia fałszowanie tokenów JWT
RCE i ujawnienie danych w EverShop NPM przez plik route.json
A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaus...