CVE-2019-17188

Published: Oct 4, 2019Modified: Jun 17, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs because the code relies on the getimagesize function.

Affected (1)

Products: Fecmall: Fecmall

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fecmall Fecmall	Version 2.3.4

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://github.com/fecshop/yii2_fecshop/issues/77

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/fecshop/yii2_fecshop/issues/77

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.