CVE-2024-6730

Summary

A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271403.

Affected Software

VendorProductVersion RangeStatus
Nanjing Xingyuantu TechnologySparkShop1.1.0affected
Nanjing Xingyuantu TechnologySparkShop1.1.1affected
Nanjing Xingyuantu TechnologySparkShop1.1.2affected
Nanjing Xingyuantu TechnologySparkShop1.1.3affected
Nanjing Xingyuantu TechnologySparkShop1.1.4affected
Nanjing Xingyuantu TechnologySparkShop1.1.5affected
Nanjing Xingyuantu TechnologySparkShop1.1.6affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References