Arbitrary Code Execution Vulnerability in CubeCart Before 6.5.5

CVE-2024-33438

What is CVE-2024-33438?

A file upload vulnerability exists in CubeCart versions before 6.5.5, enabling an authenticated user to execute arbitrary code by uploading a specially crafted .phar file. This flaw poses significant risks, particularly if an attacker can gain authenticated access to the system, as it opens the door to potential exploitation and control over the server environment. It's crucial for users to update to version 6.5.5 or later to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References