CVE-2024-24028 | Likeshop up to 2.5.6 updateWechatInfo avatar server-side request forgery

CVE-2024-24028 | Likeshop up to 2.5.6 updateWechatInfo avatar server-side request forgery

A vulnerability, which was classified as problematic, was found in Likeshop up to 2.5.6. This affects the function UserLogic::updateWechatInfo. The manipulation of the argument avatar leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2024-24028. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.