CVE-2024-41924
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some known vulnerabilities.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| EC-CUBE CO.,LTD. | EC-CUBE 4 series | 4.0.0 to 4.0.6-p4 | affected |
| EC-CUBE CO.,LTD. | EC-CUBE 4 series | 4.1.0 to 4.1.2-p3 | affected |
| EC-CUBE CO.,LTD. | EC-CUBE 4 series | and 4.2.0 to 4.2.3 | affected |
Weaknesses
- Acceptance of extraneous untrusted data with trusted data
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.