Lucene search

K

[email protected]CVE-2024-33438

HistoryApr 29, 2024 - 6:15 p.m.

CVE-2024-33438

2024-04-2918:15:08

[email protected]

web.nvd.nist.gov

24

cubecart 6.5.5

file upload

arbitrary code

authentication

phar file

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.

References

forums.cubecart.com/topic/59046-cubecart-655-released-minor-security-update/

github.com/cubecart/v6

github.com/cubecart/v6/commit/31a5ec39b0924b2111fbc3aa419bd8c5c3fc1841

github.com/julio-cfa/CVE-2024-33438

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

Related for CVE-2024-33438

cvelist1 nvd1 osv1 githubexploit1