Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2024-50652

Disclosure Date: November 15, 2024 (last updated January 05, 2025)
A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-50651

Disclosure Date: November 15, 2024 (last updated December 21, 2024)
java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0