CVE-2024-22724

Published March 21st, 2024

View on NVD ↗

CVSS v3

6.6

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.

osCommerce/osCommerce-V4

GitHub