CVE-2024-22724

Опубликовано: 21 мар. 2024

Источник: nvd

CVSS3: 6.6

EPSS Низкий

Описание

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.

Ссылки

https://github.com/osCommerce/osCommerce-V4/issues/62
Exploit
Issue Tracking
Third Party Advisory
https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c
Exploit
Third Party Advisory
https://github.com/osCommerce/osCommerce-V4/issues/62
Exploit
Issue Tracking
Third Party Advisory
https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oscommerce:oscommerce:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 3%

0.00016

Низкий

6.6 Medium

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-h2ph-x33p-jmpm