LogicData eCommerce Framework Content Explorer Arbitrary File Upload Vulnerability Leading to Remote Code Execution

Vulnerability

A vulnerability allowing authenticated users to upload arbitrary files in the Content Explorer feature of LogicData eCommerce Framework version 5.0.9.7000 has been identified. This unrestricted file upload vulnerability could be exploited to execute arbitrary code on the server by uploading a maliciously crafted file.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where LogicData eCommerce Framework is running.

Reproduction

To reproduce this vulnerability, an authenticated user can upload a file through the Content Explorer feature. The uploaded file should be crafted to include executable code, such as a PHP file designed to be executed by the server. Once uploaded, the file can be accessed via the web server, and the embedded code will be executed.

Added: Aug 19, 2025, 8:24 PM
Updated: Aug 19, 2025, 9:36 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 5.6
remediation: 0.0
relevance: 0.4
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.