Vulnerable File Upload Mechanism in Aimeos E-commerce Framework

CVE-2024-37295

7.2 HIGH

Key Information

Vendor: Aimeos
Product: aimeos-core
CVE Published: 11 June 2024

Summary

Aimeos is an open-source e-commerce framework for online shops. Versions 2024.04.1 through 2024.04.4 of aimeos-core contain a high-severity vulnerability (CVSS 7.2) in the file upload mechanism: an authenticated user with administrative privileges can upload a file that passes as an image but carries PHP code. If the web server executes that file, the code runs in the web server's context, turning administrative access to the shop backend into code execution on the host. The issue is fixed in version 2024.04.5, and users are strongly advised to upgrade. As defence in depth, the media directory that receives uploads should not be served through the PHP interpreter, so that a polyglot file which gets past upload validation is delivered as a static file rather than executed. For more details, refer to the security advisory on GitHub.
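The file shape the advisory describes is a polyglot: a valid image header followed by PHP code. The following scanner, an added example that is not Aimeos project code, walks an upload directory and reports files that carry both an image signature and a PHP open tag, which is the check an incident responder would run over an affected shop's media folder. The directory layout and the sample file bytes are constructed here for illustration and are assumptions, not taken from the advisory.

```python
"""Scan an upload directory for image/PHP polyglots.

Added example for this advisory; it is not Aimeos project code. It assumes a
shop media directory whose files should all be genuine images, and the sample
bytes at the bottom are constructed here for illustration.
"""
import re
from pathlib import Path
from typing import Optional

# Leading bytes of the image formats a shop upload form typically accepts.
IMAGE_MAGIC = (
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"RIFF", "webp"),  # RIFF container; bytes 8..12 must read b"WEBP"
)

# PHP open tags. The full tag, the echo tag "<?=" and the short tag "<?"
# followed by whitespace are all covered, because a server with
# short_open_tag enabled executes the last two as well.
PHP_TAG = re.compile(rb"<\?(?:php\b|=|\s)", re.IGNORECASE)


def detect_image_type(data: bytes) -> Optional[str]:
    """Return the image type implied by the file's leading bytes, or None."""
    for magic, kind in IMAGE_MAGIC:
        if data.startswith(magic):
            if kind == "webp" and data[8:12] != b"WEBP":
                return None
            return kind
    return None


def find_php_in_image(data: bytes) -> dict:
    """Classify one file body.

    A valid image header combined with a PHP open tag anywhere in the body is
    the polyglot shape the advisory describes: it passes a magic-bytes check
    yet runs as PHP if the web server ever executes it.
    """
    kind = detect_image_type(data)
    match = PHP_TAG.search(data)
    return {
        "image_type": kind,
        "has_php": match is not None,
        "offset": match.start() if match else -1,
        "polyglot": kind is not None and match is not None,
    }


def scan_upload_dir(root: Path) -> list:
    """Walk `root` and return (path, result) for every file containing PHP.

    Files with no image header but PHP tags are reported too: in a media
    directory a bare PHP file is just as suspicious as a polyglot.
    """
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        result = find_php_in_image(path.read_bytes())
        if result["has_php"]:
            findings.append((path, result))
    return findings


# Constructed samples (not real uploads).
# A minimal 1x1 GIF: header, logical screen descriptor, palette, image data.
CLEAN_GIF = (
    b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + b"\x00" * 6
    + b"\x2c" + b"\x00" * 9 + b"\x02\x02\x44\x01\x00\x3b"
)
# Same GIF header, PHP code where the palette and image data would be.
POLYGLOT_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + b"<?php echo 1; ?>" + b"\x3b"
# JPEG SOI/APP0 markers followed by an echo tag.
POLYGLOT_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00<?= 1 ?>"

if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        media = Path(tmp)  # stands in for the shop's media directory
        (media / "clean.gif").write_bytes(CLEAN_GIF)
        (media / "shell.gif").write_bytes(POLYGLOT_GIF)
        (media / "shell.jpg").write_bytes(POLYGLOT_JPEG)
        for path, result in scan_upload_dir(media):
            print(f"{path.name}: image_type={result['image_type']} php_tag_at={result['offset']}")
```

Run it against the real media directory with `scan_upload_dir(Path("/path/to/media"))`. A hit is worth triage even on a patched install, because the vulnerability only concerns how the file got there; a file uploaded before the upgrade stays on disk until someone removes it.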

Affected Version(s)

aimeos-core: >= 2024.04.1, < 2024.04.5

References

CVSS v3.1

Score: 7.2
Severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Timeline

  • Vulnerability reserved

  • Vulnerability published

Collectors

NVD Database, Mitre Database