High severity8.8NVD Advisory· Published Dec 9, 2019· Updated Jun 17, 2026
CVE-2019-19684
CVE-2019-19684
Description
nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to upload a crafted Facebook Auth plugin.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nopCommerce/nopCommercedescription
- Range: =4.2.0
Patches
Vulnerability mechanics
References
1- github.com/klezVirus/cves/tree/master/NopCommerce/Privilege%20Escalation%20via%20Plugin%20UploadnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.