Vulnerability Details CVE-2024-22724
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.2%
CVSS Severity
CVSS v3 Score 6.6
References
- https://github.com/osCommerce/osCommerce-V4/issues/62
- https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c
- https://github.com/osCommerce/osCommerce-V4/issues/62
- https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c
Products affected by CVE-2024-22724
-
cpe:2.3:a:oscommerce:oscommerce:4.0