cleantalk
Vulnerabilities and Security Researches

MStore API, 679d7241-a136-4eb3-a9ec-42de2492ddfc

Application

MStore API

Published on
-
Research Description
MStore API – Create Native Android & iOS Apps On The Cloud [mstore-api] < 3.4.5
MStore API < 3.4.5 - Unauthenticated PHP File Upload
The api/flutter_woo/config_file REST endpoint of the plugin does not have proper authorisation in place (it only checks whether the plugin has a license), nor does it sufficiently validate the config file sent in the request. As a result, unauthenticated users could use this endpoint to upload a PHP file, leading to RCE.
We confirmed that the issue is still present in the latest version (currently 3.4.4). The vendor was notified on October 5th, 2021.
Affected versions
max 3.4.5.
Status
vulnerable
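
A defender-side check for the endpoint described above, as an added example that is not part of the original advisory: it scans web server access logs for POST requests whose target contains the api/flutter_woo/config_file route and groups them by client. The Combined Log Format, the sample lines, the /wp-json/ and rest_route URL forms, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Route as named in the advisory; everything else is an assumption of this example.
ROUTE = "api/flutter_woo/config_file"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalise(target):
    """Undo percent-encoding (twice, for double-encoded input), fold case and repeated slashes."""
    decoded = unquote(unquote(target)).lower()
    return re.sub(r"/{2,}", "/", decoded)

def find_upload_attempts(lines):
    """Return {client_ip: [(timestamp, status, accepted)]} for POSTs to the route."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Search the whole target so the route matches in the path or in a query value.
        if ROUTE not in normalise(m["target"]):
            continue
        status = int(m["status"])
        # A 2xx status means the server accepted the request: review files written at that time.
        hits[m["ip"]].append((m["ts"], status, 200 <= status < 300))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Oct/2021:10:00:01 +0000] "POST /wp-json/api/flutter_woo/config_file HTTP/1.1" 200 52 "-" "-"',
    '203.0.113.7 - - [12/Oct/2021:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 200 4120 "-" "-"',
    '198.51.100.23 - - [12/Oct/2021:11:14:30 +0000] "POST /index.php?rest_route=%2Fapi%2Fflutter_woo%2Fconfig_file HTTP/1.1" 401 88 "-" "-"',
    '192.0.2.10 - - [12/Oct/2021:11:20:00 +0000] "GET /wp-json/api/flutter_woo/config_file HTTP/1.1" 404 120 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in find_upload_attempts(SAMPLE_LOG).items():
        print(ip, events)
```

Any hit from a client that is not the site's own mobile app build pipeline deserves follow-up, with accepted (2xx) requests first.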