CVE-2026-2164

critical

Published 2026-02-08 · Modified 2026-04-29

CVSS v3

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

7.5

VIR risk

9.8

Description

A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some unknown processing of the file /seller/assets/backend/profile/addadhar.php. Performing a manipulation of the argument File results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://github.com/detronetdip/E-commerce/issues/23

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://github.com/Nixon-H/PHP-Unrestricted-Upload-RCE

Application impact

Vendor	Product	Versions	Fixed
detronetdip	e-commerce	`1.0.0`

References

CWEs

CWE-284 CWE-434

Verify integrity in audit chain (admin only). AS-IS.