CVE-2024-34832

1976-01-0100:00:00

mitre

github.com

AI Score

7.7

Confidence

Low

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

total

JSON

Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*"
    ],
    "vendor": "cubecart",
    "product": "cubecart",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "6.5.5"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/julio-cfa/CVE-2024-34832