CVE-2026-2164
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Tags
Description
A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some unknown processing of the file /seller/assets/backend/profile/addadhar.php. Performing a manipulation of the argument File results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Analysis
Unrestricted file upload in detronetdip E-commerce 1.0.0 via the /seller/assets/backend/profile/addadhar.php endpoint allows unauthenticated remote attackers to upload arbitrary files. Public exploit code exists for this vulnerability, and the vendor has not yet released a patch despite early notification.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running detronetdip E-commerce 1.0.0 and restrict network access to the vulnerable /seller/assets/backend/profile/addadhar.php endpoint. Within 7 days: Implement Web Application Firewall (WAF) rules to block malicious requests to the affected endpoint and disable the Aadhaar upload feature if not business-critical. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today