cbcvebase.

Juanpao Jpshop vulnerabilities

7 known vulnerabilities affecting juanpao/jpshop.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL6MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2024-1262P2CRITICALCVSS 9.8≤ 1.5.02v1.5.022024-02-06
CVE-2024-1262 [CRITICAL] CWE-434 CVE-2024-1262: A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. Th A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack may be initiated remotely. The explo
nvd
CVE-2024-1261P2CRITICALCVSS 9.8≤ 1.5.02v1.5.022024-02-06
CVE-2024-1261 [CRITICAL] CWE-434 CVE-2024-1261: A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been discl
nvd
CVE-2024-1264P2CRITICALCVSS 9.8≤ 1.5.02v1.5.022024-02-07
CVE-2024-1264 [CRITICAL] CWE-434 CVE-2024-1264: A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected b A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument imgage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to t
nvd
CVE-2024-1260P2CRITICALCVSS 9.8≤ 1.5.02v1.5.022024-02-06
CVE-2024-1260 [CRITICAL] CWE-434 CVE-2024-1260: A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects t A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclo
nvd
CVE-2024-1263P3CRITICALCVSS 9.8≤ 1.5.02v1.5.022024-02-06
CVE-2024-1263 [CRITICAL] CWE-434 CVE-2024-1263: A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affecte A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has b
nvd
CVE-2024-1259P3CRITICALCVSS 9.8≤ 1.5.02v1.5.022024-02-06
CVE-2024-1259 [CRITICAL] CWE-434 CVE-2024-1259: A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has be
nvd
CVE-2024-1258P3MEDIUMCVSS 5.9≤ 1.5.02v1.5.022024-02-06
CVE-2024-1258 [MEDIUM] CWE-321 CVE-2024-1258: A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affec A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key . The complexity of an attack is rather high. The e
nvd
Juanpao Jpshop vulnerabilities | cvebase