CVE-2024-33438

Published April 29th, 2024

View on NVD ↗

CVSS v3

8

HIGH

CVSS v2

N/A

Affected

2

PROJECTS

Description

File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.

CubeCart Version 6

GitHub

74

julio-cfa/CVE-2024-33438UNAVAILABLE

CubeCart <= 6.5.4 is vulnerable to an arbitrary file upload that leads to remote code execution (RCE).

GitHub

3