Impact
This vulnerability is an arbitrary file upload (CWE-863) that enables authenticated users with contributor, editor, author, or administrator roles to upload malicious files, such as PHP shells, via the Products tab custom field. Once the file is stored in the upcp-product-file-uploads directory, an attacker can access it and execute arbitrary code on the server, effectively gaining full control over the site and the underlying infrastructure.
Affected Systems
Ultimate Product Catalog by Etoilewebdesign version 3.8.6 is affected.
Risk and Exploitability
With a CVSS score of 8.7 and an EPSS score of < 1%, the finding is classified as high severity. The vulnerability is not listed in the CISA KEV catalog, but the nature of the flaw—allowing code upload and execution once authenticated—poses a significant risk. An attacker who has legitimate or compromised credentials with at least contributor level access can exploit the vulnerability by uploading a PHP shell to the protected directory and then accessing it to run arbitrary commands.
OpenCVE Enrichment