Likeshop versions up to 2.5.7.20210311 suffer from an arbitrary file upload vulnerability within the FileServer::userFormImage function in server/application/api/controller/File.php. This vulnerability allows attackers to upload files of any type, including potentially executable scripts, which can lead to remote code execution.
View the template here CVE-2024-0352.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-0352