Title: detronetdip E-commerce 1.0 Remote Code Execution

Description

Severity: CRITICAL (10.0)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Bug Type: CWE-434: Unrestricted Upload of File with Dangerous Type

Vulnerability Details

- The application lacks secure validation mechanisms for file uploads in the seller profile section.
- A chain of errors exists that allows an attacker to bypass restrictions.
- The application improperly validates MIME types, relying on the client-controlled Content-Type HTTP header.
- Unsafe file extensions are not verified, allowing upload of malicious files such as PHP scripts.

Vulnerable Files

-
-
-
-
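
The two validation gaps listed under Vulnerability Details (trusting the client's Content-Type and not checking the extension) can be closed with a server-side check like the one below. This is an added example, not code from the application; the helper name `safe_upload_name`, the allowlist and the size limit are assumptions.

```php
<?php
// Added example: server-side upload check (hypothetical helper and limits).
const ALLOWED_TYPES = [            // content MIME type => extension we assign
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
];
const MAX_BYTES = 2 * 1024 * 1024; // assumed size limit

// Returns a server-chosen file name, or null if the upload is rejected.
// $upload has the shape of one $_FILES entry; its 'type' and 'name' fields
// are client-controlled and are deliberately never read.
function safe_upload_name(array $upload): ?string
{
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $tmp = $upload['tmp_name'] ?? '';
    if (!is_file($tmp) || filesize($tmp) > MAX_BYTES) {
        return null;
    }
    // Detect the type from the file's bytes, not from the request headers.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        return null;
    }
    // Random base name plus allowlisted extension: no client-supplied name
    // or extension (".php", ".php.png") ever reaches the file system.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// Constructed samples: a PHP script sent with a forged image Content-Type,
// and a minimal PNG header (signature + IHDR, no pixel data).
$script = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($script, "<?php echo 'hello'; ?>");
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR'
    . pack('NNCCCCC', 1, 1, 8, 6, 0, 0, 0));

$forged  = ['error' => UPLOAD_ERR_OK, 'tmp_name' => $script,
            'type' => 'image/png', 'name' => 'avatar.php'];
$genuine = ['error' => UPLOAD_ERR_OK, 'tmp_name' => $png,
            'type' => 'image/png', 'name' => 'avatar.png'];

var_dump(safe_upload_name($forged));  // PHP body behind an image/png header
var_dump(safe_upload_name($genuine)); // file whose bytes are a PNG header
unlink($script);
unlink($png);
```

In a real request handler, use `is_uploaded_file()` in place of `is_file()` and store the file with `move_uploaded_file()` under the returned name, in a directory the web server does not execute scripts from.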