Exploit for Likeshop < 2.5.7.20210311 - Arbitrary File Upload (CVE-2024-0352)

Description:

Likeshop versions up to 2.5.7.20210311 suffer from an arbitrary file upload vulnerability within the FileServer::userFormImage function in server/application/api/controller/File.php. This vulnerability allows attackers to upload files of any type, including potentially executable scripts, which can lead to remote code execution.
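
Because the flaw lets an image-upload function store files of any type, a useful check on a host that ran an affected version is to audit the upload directory for files that are not plain images. The following Python is an added example, not code from Likeshop or from the original page; the script-extension list, the function names and the sample files are assumptions constructed for illustration, and the directory passed to audit() depends on the deployment.

```python
import os
import tempfile

# Magic-byte prefixes of the image types an image-upload endpoint should accept.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
    b"\x89PNG\r\n\x1a\n": {".png"},
    b"GIF87a": {".gif"}, b"GIF89a": {".gif"},
}
# Assumption: extensions the web server hands to PHP; adjust to your handler config.
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".pht"}

def classify(path):
    """Return findings for one uploaded file; an empty list means a plain image."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        data = fh.read(1 << 20)  # header plus up to the first 1 MiB of content
    findings = ["script-extension"] if ext in SCRIPT_EXTS else []
    allowed = next((e for m, e in IMAGE_MAGIC.items() if data.startswith(m)), None)
    if allowed is None:
        findings.append("not-an-image")
    elif ext not in allowed:
        findings.append("extension-mismatch")
    if b"<?php" in data.lower():  # PHP open tag, also when hidden behind an image header
        findings.append("php-open-tag")
    return findings

def audit(upload_dir):
    """Walk upload_dir and return {relative_path: findings} for suspicious files."""
    report = {}
    for root, _dirs, files in os.walk(upload_dir):
        for full in (os.path.join(root, n) for n in files):
            if findings := classify(full):
                report[os.path.relpath(full, upload_dir)] = findings
    return report

def demo():
    """Audit a temporary directory of constructed sample uploads."""
    samples = {  # constructed files, not real uploads
        "avatar.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "note.php": b"<?php echo 'constructed sample'; ?>",
        "logo.gif": b"GIF89a" + b"\x00" * 8 + b"<?php /* constructed */ ?>",
        "photo.jpg": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return audit(tmp)
```

Any finding on a file that arrived through the image-upload path warrants review of the file and of the web server logs around its creation time.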

Affected Products:

Proof of Concept

PoC exploits

Nuclei Template

View the template here CVE-2024-0352.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-0352.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-0352
https://github.com/akyosk/pocman/blob/5d1bbd3cd46b0dc91d44c544bd32d60f2d08625f/cve/Likeshop/CVE_2024_0352.py
https://vuldb.com/?ctiid.250120
https://vuldb.com/?id.250120