Arbitrary File Upload Vulnerability in Vanguard Marketplace Digital Products PHP 1.4

CVE-2017-17874 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.

Learn more about our Web Application Penetration Testing UK.