An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.
References
Link | Resource |
---|---|
https://cxsecurity.com/issue/WLB-2018060185 | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/44978/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2018-06-19 21:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-12519
Mitre link : CVE-2018-12519
CVE.ORG link : CVE-2018-12519
JSON object : View
Products Affected
codenx
- shopnx
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type