Description
A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some unknown processing of the file /seller/assets/backend/profile/addadhar.php. Performing a manipulation of the argument File results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-02-08
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via Unrestricted File Upload
Action: Patch or Mitigate
AI Analysis

Impact

The flaw in detronetdip E-commerce allows an attacker to upload arbitrary files through the /seller/assets/backend/profile/addadhar.php endpoint. Because the application does not validate the file type or enforce proper access control, a malicious actor can place a PHP script or other executable content and execute it on the web server. This represents a classic unrestricted upload problem (CWE‑434) compounded by improper access control (CWE‑284), enabling remote code execution if the attacker can reach the upload interface.

Affected Systems

Only detronetdip E-commerce version 1.0.0 is affected, specifically the addadhar.php script within the seller asset management module. No other versions are listed, so the impact is confined to that single code base.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, yet the EPSS score of less than 1% suggests that, at the time of measurement, exploitation was unlikely. However, the publicly released exploit code demonstrates that an attacker can achieve code execution once the upload flaw is exercised. Whether authentication is required is not detailed in the description, although the CVSS vectors recorded for this CVE rate it as requiring no privileges (PR:N, and Au:N in v2). The endpoint may be accessible only to logged‑in sellers or may be reachable without credentials; the latter would increase the attacker's opportunity. The vulnerability is not listed in CISA KEV, but the availability of exploit code means that it could become actionable if a suitable target configuration is found.

Generated by OpenCVE AI on April 18, 2026 at 13:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any official patch or updated release from detronetdip for E‑commerce 1.0.0 as soon as it becomes available.
  • Restrict file uploads by whitelisting allowed extensions (e.g., .jpg, .png) and validating MIME type, and enforce strict upper limits on file size to reduce the attack surface.
  • Enforce authentication and proper authorization checks on the addadhar.php endpoint so that only privileged users can upload files.
  • Configure a web application firewall or file‑content scanner to detect and block uploaded scripts or potentially malicious files.
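
The recommended checks above (authentication, size limit, extension and MIME allowlist) combined in one upload handler, as an added example that is not detronetdip's code. The session key `seller_id` and the storage path are assumptions; only the field name `File` comes from the CVE description.

```php
<?php
declare(strict_types=1);
// Added example, not detronetdip code. Assumed: upload field "File", seller login
// flag in $_SESSION['seller_id'], and a storage directory outside the web root.

const MAX_BYTES = 2 * 1024 * 1024;                             // size ceiling
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png']; // MIME => extension

function validate_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('file size out of range');
    }
    // Sniff the type from the bytes; $file['type'] is client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('file type not allowed');
    }
    return $ext;
}

function store_upload(array $file, string $destDir): string
{
    // Server-chosen name and extension: nothing from $file['name'] is reused.
    $name = bin2hex(random_bytes(16)) . '.' . validate_upload($file);
    if (!move_uploaded_file($file['tmp_name'], $destDir . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

session_start();
header('Content-Type: application/json');
if (empty($_SESSION['seller_id'])) {          // authentication gate
    http_response_code(403);
    exit(json_encode(['error' => 'login required']));
}
try {
    // '/srv/uploads/aadhaar' is a placeholder path outside the document root.
    echo json_encode(['stored' => store_upload($_FILES['File'] ?? [], '/srv/uploads/aadhaar')]);
} catch (RuntimeException $e) {
    http_response_code(400);
    echo json_encode(['error' => $e->getMessage()]);
}
```

Because the stored name never carries a client-supplied extension and the directory is not served by the web server, a file that passes the content check but embeds script code is still not executable by request.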

Advisories

No advisories yet.

History

Mon, 23 Feb 2026 10:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:detronetdip:e-commerce:*:*:*:*:*:*:*:*

Thu, 19 Feb 2026 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:detronetdip:e-commerce:1.0.0:*:*:*:*:*:*:*

Mon, 09 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Detronetdip
Detronetdip e-commerce
Vendors & Products Detronetdip
Detronetdip e-commerce

Sun, 08 Feb 2026 17:00:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some unknown processing of the file /seller/assets/backend/profile/addadhar.php. Performing a manipulation of the argument File results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title detronetdip E-commerce addadhar.php unrestricted upload
Weaknesses CWE-284
CWE-434
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:44:43.865Z

Reserved: 2026-02-07T09:11:36.901Z

Link: CVE-2026-2164

Vulnrichment

Updated: 2026-02-09T21:10:11.918Z

NVD

Status: Analyzed

Published: 2026-02-08T17:15:58.410

Modified: 2026-02-19T20:24:53.650

Link: CVE-2026-2164

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T13:15:25Z

Weaknesses