CVE-2026-2164
7.3 HIGH · Published 2026-02-08 · Modified 2026-02-09 · Awaiting Analysis
Quick Summary
A vulnerability in detronetdip E-commerce 1.0.0 allows attackers to upload arbitrary files to the server via a specific page. The flaw is serious because it can be exploited remotely over the network with low attack complexity.
Who is affected
All users running detronetdip E-commerce 1.0.0 are affected. An attacker could upload malicious files, like a web shell, to take control of the server or host harmful content.
Recommended fix
Immediately restrict access to or delete the vulnerable file, `/seller/assets/backend/profile/addadhar.php`. Since no patch is available, consider disabling file upload functionality in this area until the vendor provides a fixed version.
Technical Description
A security flaw has been discovered in detronetdip E-commerce 1.0.0. It affects unspecified processing in the file `/seller/assets/backend/profile/addadhar.php`. Manipulating the argument `File` results in unrestricted file upload. The attack can be carried out remotely. An exploit has been released publicly and may be used in attacks. The project was informed of the problem early through an issue report but has not yet responded.
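Because a public exploit exists and no patch is available, it is worth reviewing web server access logs for upload requests to the affected file. The following is an added example, not code from the advisory or the project: it assumes Apache/nginx "combined" log format, and the log lines and the `find_upload_requests` helper are constructed for illustration. A status below 400 only shows the request reached the handler, so any hit should be followed by a review of the files written at that time.

```python
import re
from urllib.parse import unquote

# Path of the vulnerable upload handler, as given in the advisory.
VULN_PATH = "/seller/assets/backend/profile/addadhar.php"

# Assumed log format: Apache/nginx "combined".
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Feb/2026:10:14:55 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [08/Feb/2026:10:15:02 +0000] "POST /seller/assets/backend/profile/addadhar.php HTTP/1.1" 200 512 "-" "curl/8.5.0"
198.51.100.23 - - [09/Feb/2026:08:01:40 +0000] "POST /shop/seller/assets/backend/profile/AddAdhar.php?x=1 HTTP/1.1" 403 199 "-" "curl/8.5.0"
192.0.2.44 - - [09/Feb/2026:09:30:11 +0000] "POST /seller//assets/backend/profile/%61ddadhar.php HTTP/1.1" 200 512 "-" "python-requests/2.32"
203.0.113.7 - - [09/Feb/2026:09:45:00 +0000] "GET /seller/assets/backend/profile/addadhar.php HTTP/1.1" 200 20 "-" "Mozilla/5.0"
""".splitlines()


def normalize(uri):
    """Drop the query string, percent-decode, collapse '//' and lowercase,
    so that equivalent spellings of the path compare equal."""
    path = unquote(uri.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()


def find_upload_requests(lines):
    """Return POST requests whose normalized path contains VULN_PATH.
    Substring matching covers installs under a sub-directory prefix."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if VULN_PATH in normalize(m["uri"]):
            status = int(m["status"])
            hits.append({"ip": m["ip"], "time": m["ts"], "status": status,
                         # False means the server rejected the request (4xx/5xx),
                         # e.g. after access to the file was restricted.
                         "reached_handler": status < 400})
    return hits


if __name__ == "__main__":
    for hit in find_upload_requests(SAMPLE_LOG):
        print(hit)
```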
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-284, CWE-434