VYPR

Product Image Bulk Upload Plugin

by Ec Cube Co.,ltd.

CVEs (1)

  • CVE-2022-37346CriSep 27, 2022
    risk 0.64cvss 9.8epss 0.01

    EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an…