{"vulnerability": "CVE-2022-37346", "sightings": [{"uuid": "bdbd04c8-e7e2-4bb6-89d5-3d049a21e879", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37346", "type": "seen", "source": "https://t.me/cibsecurity/50535", "content": "\u203c CVE-2022-37346 \u203c\n\nEC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative privilege of EC-CUBE where the vulnerable plugin is installed is led to upload a specially crafted file, an arbitrary script may be executed on the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-28T02:36:16.000000Z"}]}