CVE-2024-41924

Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some known vulnerabilities.

CVSS

No CVSS.

References

Link	Resource
https://jvn.jp/en/jp/JVN48324254/
https://www.ec-cube.net/info/weakness/20240701/index.php

Configurations

No configuration.

History

30 Jul 2024, 13:32

Type	Values Removed	Values Added
Summary		(es) En la serie EC-CUBE 4 existe la aceptación de datos extraños que no son de confianza con vulnerabilidad de datos confiables. Si se explota esta vulnerabilidad, un atacante que obtuvo el privilegio administrativo puede instalar un paquete PHP arbitrario. Si se instalan versiones obsoletas de paquetes PHP, el producto puede verse afectado por algunas vulnerabilidades conocidas.

30 Jul 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-30 09:15

Updated : 2024-07-30 13:32

NVD link : CVE-2024-41924

Mitre link : CVE-2024-41924

CVE.ORG link : CVE-2024-41924

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-41924

Attach tags to `CVE-2024-41924`