CVE-2024-22724

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.
Configurations

No configuration.

History

21 Nov 2024, 08:56

Type Values Removed Values Added
References () https://github.com/osCommerce/osCommerce-V4/issues/62 - () https://github.com/osCommerce/osCommerce-V4/issues/62 -
References () https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c - () https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c -

06 Aug 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.6
CWE CWE-94
Summary
  • (es) Se descubrió un problema en osCommerce v4 que permite a atacantes locales eludir las restricciones de carga de archivos y ejecutar código arbitrario a través de la función de carga de fotos de perfil del administrador.

21 Mar 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-21 04:15

Updated : 2024-11-21 08:56


NVD link : CVE-2024-22724

Mitre link : CVE-2024-22724

CVE.ORG link : CVE-2024-22724


JSON object : View

Products Affected

No product.

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')