A vulnerability classified as critical has been found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. This affects an unknown part of the file contorller/common.php. The manipulation leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2024-40425. It is possible to initiate the attack remotely. There is no exploit available.