Lucene search

GoogleOSV:CVE-2024-33438

HistoryApr 29, 2024 - 6:15 p.m.

CVE-2024-33438

2024-04-2918:15:08

Google

osv.dev

cubecart

file upload

vulnerability

arbitrary code

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.8%

File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.

CPENameOperatorVersion
v6eq6.1.0
v6eq6.0.1
v6eq6.1.15
v6eq6.1.3
v6eq2.6.7
v6eq6.2.0-rc1
v6eq6.1.6
v6eq6.2.8
v6eq6.4.3
v6eq6.5.3

Name	Operator	Version
v6	eq	6.1.0
v6	eq	6.0.1
v6	eq	6.1.15
v6	eq	6.1.3
v6	eq	2.6.7
v6	eq	6.2.0-rc1
v6	eq	6.1.6
v6	eq	6.2.8
v6	eq	6.4.3
v6	eq	6.5.3

Rows per page:

1-10 of 671

References

forums.cubecart.com/topic/59046-cubecart-655-released-minor-security-update/

github.com/cubecart/v6

github.com/cubecart/v6/commit/31a5ec39b0924b2111fbc3aa419bd8c5c3fc1841

github.com/julio-cfa/CVE-2024-33438