File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component.
The vulnerability results from insufficient validation of uploaded files in the controller/common.php component of the Sparkshop application. A remote attacker can upload a malicious file (such as a PHP webshell) through the vulnerable endpoint without any authentication. After the file is loaded on the server, the attacker can invoke it directly via HTTP, resulting in arbitrary code execution in the context of the web server.
An attacker can gain full control over the application server, including access to customer data and transactions, modification of store content, and the ability to conduct further lateral movement within the victim's infrastructure.
Patches available from the vendor should be applied according to the references. Until the fix is deployed, it is recommended to restrict access to the vulnerable endpoint (controller/common.php) at the firewall or web server level and monitor the uploads directory for suspicious executable files.
Sparkshop (Spark Mall B2C Mall) version 1.1.6 and earlier, produced by Nanjin Xingyuantu Technology Co.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSparkshop
APPSparkshop< 1.1.7
Related vulnerabilities
RCE w Sparkshop v.1.1.7 — podatność w komponencie Common.php
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of produ...
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar...
SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to sc...