CRITICAL🇵🇱 Wersja polska

CVE-2025-50722

CVSS 9.8v3.1pub. 2025-08-25upd. 2025-09-09

Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component

🤖 AI Analysis
How it works

The error results from unsafe permissions and improper validation of input data in the Common.php component. An attacker can send a specially crafted network request that is embedded in a command executed by the server without proper sanitization. The network attack vector (AV:N), lack of privilege requirements (PR:N), and no user interaction needed (UI:N) make the exploit executable completely remotely and automatically.

Impact

An attacker can gain full control over the server, including data reading and modification (C:H, I:H) and service unavailability (A:H). In practice, this means the possibility of server takeover, data theft, or malicious software installation.

Mitigation & patch

Security patches provided by the vendor should be applied according to the references. Until updates are deployed, it is recommended to restrict access to the application panel exclusively to trusted IP addresses and monitor unusual server activity.

Who is affected

Sparkshop version 1.1.7

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sparkshop

    APP
    Sparkshop
    1.1.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-40425CRITICAL9.8PL ✓ten sam produkt

Krytyczna podatność File Upload umożliwiająca RCE w Sparkshop

CVE-2024-46307HIGH7.5ten sam produkt

A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of produ...

CVE-2024-57685MEDIUM5.3ten sam produkt

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar...

CVE-2024-48107MEDIUM6.5ten sam produkt

SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to sc...