Lucene search

GoogleOSV:CVE-2024-36811

HistoryJun 07, 2024 - 7:15 p.m.

CVE-2024-36811

2024-06-0719:15:23

Google

osv.dev

arbitrary file upload

image upload function

aimeos-core

arbitrary code execution

software

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

15.5%

JSON

An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP file.

References

drive.google.com/file/d/1n5_t-zmKHbx3H47xdhR5kuHTDc0Gxur3/view?usp=sharing

drive.google.com/file/d/1QJWwaDB6smLCuNp10yZKWgpELTQJax31/view?usp=sharing

github.com/aimeos/aimeos-core/commit/13e163126adff48f987b3b6faca28551effe0205

github.com/aimeos/aimeos-core/commit/5eea7aa933ac7402044bc6d282f96fba44475ee2

github.com/ssshah2131/CVE/blob/main/Aimeos_RCE

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for OSV:CVE-2024-36811