CVE-2022-27435

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to upload arbitrary files including webshells via the product image upload feature in Ecommerce-Website v1.1.0. Attackers can achieve remote code execution by uploading malicious PHP files. Anyone running the vulnerable version of this e-commerce software is affected.

💻 Affected Systems

Products:
  • Ecommerce-Website
Versions: v1.1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the admin interface at /public/admin/index.php?add_product


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, ransomware deployment, or use as a pivot point for internal network attacks.

🟠 Likely Case

Webshell upload leading to website defacement, data exfiltration, or cryptocurrency mining.

🟢 If Mitigated

File upload attempts blocked with proper validation; no impact beyond failed upload attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin access; multiple public PoCs demonstrate webshell upload leading to RCE.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Consider workarounds or migrating to alternative software.

🔧 Temporary Workarounds

Implement file upload validation (applies to: all)

Add server-side validation to restrict uploaded files to allowed image types only.

Modify /public/admin/index.php to validate file extensions and MIME types.
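As an added illustration of this workaround, the following is a hardened server-side upload handler of the kind the advisory describes. It is example code written for this page, not code from the Ecommerce-Website project; the form field name `product_image`, the `UPLOAD_DIR` location and the 2 MiB size cap are assumptions, not values taken from the product. The checks are layered: the client-supplied extension is only a first filter, the real decision is made on the detected content, and the stored filename is generated by the server so no attacker-controlled bytes reach the path.

```php
<?php
declare(strict_types=1);

// Added example, not the project's own code. Assumed values:
const UPLOAD_DIR = __DIR__ . '/../uploads/products'; // assumed storage directory
const MAX_BYTES  = 2 * 1024 * 1024;                  // assumed 2 MiB limit

// Detected MIME type => extension the server will write. The extension is chosen
// from the sniffed content, never copied from the client's filename.
const ALLOWED_MIME = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
];
// Client-side extensions we are willing to look at before sniffing content.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

/**
 * Validate one entry of $_FILES and return its detected MIME type.
 * Any doubt is a RuntimeException: the unpatched handler accepted
 * anything, including .php, which is exactly what this refuses.
 */
function validateImageUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed (code ' . (int) ($file['error'] ?? -1) . ')');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // 1. Cheap first filter on the claimed extension (lower-cased, last suffix only).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException("extension '$ext' not allowed");
    }

    // 2. Content sniffing: finfo reads the magic bytes and ignores the claimed type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_MIME[$mime])) {
        throw new RuntimeException("content type '$mime' not allowed");
    }

    // 3. It must decode as an image, and the claimed extension must agree with the
    //    real content: a PHP script named .jpg, or a PNG named .jpg, is refused.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('file is not a valid image');
    }
    $canonicalExt = ($ext === 'jpeg') ? 'jpg' : $ext;
    if (ALLOWED_MIME[$mime] !== $canonicalExt) {
        throw new RuntimeException('extension does not match content');
    }
    return $mime;
}

/** Store a validated upload under a random server-chosen name; returns the basename. */
function storeImage(array $file, string $mime): string
{
    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('cannot create upload directory');
    }
    // The original filename is discarded; only the server-chosen extension is used.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_MIME[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move uploaded file');
    }
    chmod($dest, 0640); // readable by the web server, never executable
    return $name;
}

// Usage inside the add_product handler (the surrounding form handling is omitted):
if (isset($_FILES['product_image'])) {
    try {
        $mime   = validateImageUpload($_FILES['product_image']);
        $stored = storeImage($_FILES['product_image'], $mime);
        // ... persist $stored in the product record ...
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Pair this with a web server rule that disables script execution in the upload directory, so that even a validator bug cannot turn a stored file into executable code; the `.htaccess` or server configuration mentioned under "Restrict admin access" is the natural place for that rule.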

Restrict admin access (applies to: all)

Implement IP whitelisting or a VPN requirement for admin interface access.

Add .htaccess rules or web server configuration to restrict /public/admin/.

🧯 If You Can't Patch

  • Disable the product image upload feature entirely
  • Implement WAF rules to block file uploads with executable extensions

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a file with a .php extension through the product image upload at /public/admin/index.php?add_product; if the upload is accepted, the installation is vulnerable.

Check Version:

Check software version in configuration files or admin panel.

Verify Fix Applied:

Verify that PHP file uploads are rejected and only image files are accepted.

📡 Detection & Monitoring

Log Indicators:

  • File uploads with non-image extensions to /public/admin/index.php
  • POST requests to add_product with unusual file names

Network Indicators:

  • HTTP POST requests with file uploads to admin endpoint
  • Subsequent requests to uploaded PHP files

SIEM Query:

source="web_logs" AND uri="/public/admin/index.php" AND method="POST" AND (file_extension="php" OR file_extension="phtml")
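The SIEM query above expresses the log indicators as a single filter. As an added example (written for this page, not part of the advisory or the project), the following PHP script applies the same logic to a few constructed JSON log records and also covers the "unusual file names" indicator by flagging an executable extension anywhere in the filename, not just as the last suffix. The record layout and the sample lines are made up for the example; the extension list beyond `php` and `phtml` is an assumption about what PHP-capable servers commonly execute.

```php
<?php
declare(strict_types=1);

// Constructed sample records in the field layout the SIEM query assumes
// (one JSON object per line). These are made-up test lines, not real logs.
const SAMPLE_LOG = <<<'LOG'
{"source":"web_logs","method":"POST","uri":"/public/admin/index.php","query":"add_product","client":"10.0.0.5","filename":"shoe.jpg","file_extension":"jpg"}
{"source":"web_logs","method":"POST","uri":"/public/admin/index.php","query":"add_product","client":"10.0.0.9","filename":"shell.php","file_extension":"php"}
{"source":"web_logs","method":"POST","uri":"/public/admin/index.php","query":"add_product","client":"10.0.0.9","filename":"cover.jpg.phtml","file_extension":"phtml"}
{"source":"web_logs","method":"POST","uri":"/public/admin/index.php","query":"add_product","client":"10.0.0.7","filename":"banner.php.png","file_extension":"png"}
{"source":"web_logs","method":"GET","uri":"/public/admin/index.php","query":"add_product","client":"10.0.0.5","filename":"","file_extension":""}
LOG;

// php and phtml come from the advisory's query; the rest are an assumed list of
// suffixes that PHP handlers are often configured to execute.
const EXEC_EXT = ['php', 'phtml', 'php3', 'php4', 'php5', 'php7', 'phar'];

/** True for POST requests to the vulnerable admin upload endpoint. */
function isAdminUpload(array $r): bool
{
    return ($r['source'] ?? '') === 'web_logs'
        && ($r['method'] ?? '') === 'POST'
        && ($r['uri'] ?? '') === '/public/admin/index.php';
}

/** Return a reason string when the record matches an indicator, or null if it is clean. */
function classify(array $r): ?string
{
    if (!isAdminUpload($r)) {
        return null;
    }
    $ext = strtolower((string) ($r['file_extension'] ?? ''));
    if (in_array($ext, EXEC_EXT, true)) {
        return "executable upload extension .$ext";           // the SIEM query's own condition
    }
    // "Unusual file names": an executable suffix hidden before the final extension.
    $parts = explode('.', strtolower((string) ($r['filename'] ?? '')));
    array_shift($parts);                                        // drop the base name
    foreach ($parts as $p) {
        if (in_array($p, EXEC_EXT, true)) {
            return "executable extension embedded in filename";
        }
    }
    return null;
}

/** Scan newline-separated JSON records; returns one alert line per matching record. */
function scanLog(string $log): array
{
    $alerts = [];
    foreach (explode("\n", trim($log)) as $lineNo => $line) {
        $r = json_decode($line, true);
        if (!is_array($r)) {
            continue;                                           // skip malformed lines
        }
        $reason = classify($r);
        if ($reason !== null) {
            $alerts[] = sprintf('line %d client %s file "%s": %s',
                $lineNo + 1, $r['client'] ?? '?', $r['filename'] ?? '', $reason);
        }
    }
    return $alerts;
}

foreach (scanLog(SAMPLE_LOG) as $alert) {
    echo $alert, PHP_EOL;
}
// Expected: lines 2, 3 and 4 are reported; lines 1 and 5 are not.
```

A match on these indicators is the trigger for the next check the advisory lists under network indicators: look for later requests to the uploaded file's path, which confirm whether the upload was followed by execution.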
