AspDotNetStorefront contains a flaw that may allow a malicious user to upload and execute any file. The issue is triggered when a user uploads a file via /aspdotnetcart/admin/images.aspx which fails to check for correct mime types. It is possible that the flaw may allow remote code execution resulting in a loss of integrity. Successful exploitation requires knowledge of an administrative password.
Updates are available for customers to download. An upgrade is required as there are no known workarounds.