Webify edownloads cart

vendor:

edownloads cart

by:

JIKO(JAWAD)

8,8

CVSS

HIGH

Delete Arbitrary File

N/A

CWE

Product Name: edownloads cart

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

An attacker can delete files uploaded in post and upload their own files if the server allows it. The exploit can be accessed by changing the number of post in the URL http://server/edownloadscart/uploads/X/

Mitigation:

Ensure that the server does not allow arbitrary file deletion and uploads.

Source

Exploit-DB raw data:

#########################################################################################
[!x!] Informations:  
Name           : Webify edownloads cart
Download       : http://www.webify.ws/edownloadscart
Vulnerability  : Delete Arbitrary File 
VulnerabilityAuthor         : JIKO(JAWAD)
Contact        : jalikom@hotmail.com
Site           : No-ExploiT.CoM (Is Back)
Notes          : No-ExploiT.CoM Miss
#########################################################################################
[!x!] Bug: Delete Arbitrary File Vulnerability   
you can delete file uploaded in post and upload your files (for php if allowed you can :))
#########################################################################################
[!x!] Exploit:  Exploit: http://server/edownloadscart/uploads/X/ change X with number of post 
########################################################################################
[!x!] To: All friendsCyber_Devil Allah with you members [No-exploit.Com]