CVE-2026-36767

Published April 30th, 2026

View on NVD ↗

CVSS v3

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request.

shopizer-ecommerce/shopizer

Shopizer java e-commerce software

GitHub

3.91K