Arbitrary Code Execution Vulnerability in CubeCart Before 6.5.5
CVE-2024-33438

8 HIGH

Key Information:

Vendor: CubeCart

Status
Vendor
CVE Published: 29 April 2024

What is CVE-2024-33438?

A file upload vulnerability exists in CubeCart versions before 6.5.5. It allows an authenticated user to execute arbitrary code by uploading a specially crafted .phar file. The risk is significant wherever an attacker can gain authenticated access to the system, because exploitation can lead to control over the server environment. Users should update to version 6.5.5 or later to mitigate this vulnerability.

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published