Vulnerable File Upload Mechanism in Aimeos E-commerce Framework
CVE-2024-37295
7.2 HIGH
Key Information
- Vendor: Aimeos
- Product: Aimeos-core
- Status: Vendor
- CVE Published: 11 June 2024
Summary
Aimeos is an open-source e-commerce framework for online shops. Versions 2024.04.1 through 2024.04.4 of aimeos-core contain a high-severity file-upload vulnerability: an authenticated user with administrative privileges can upload a file that is presented as an image but actually contains PHP code. If the web server executes that file, the attacker gains code execution on the server, with full impact on confidentiality, integrity and availability. Users should upgrade to version 2024.04.5, which fixes the issue. For more details, refer to the security advisory on GitHub.
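The pattern behind this class of bug is an upload handler that trusts the file name, the extension or the client-supplied MIME type to decide that a file is an image. The following is an added example written for this page, not code from Aimeos or from the 2024.04.5 fix; it assumes PHP 8 with the fileinfo and GD extensions available, and the file names and directory it uses are constructed for the demo. It validates an "image" by its bytes, refuses anything carrying a PHP open tag, re-encodes accepted images through GD so that only pixel data reaches disk, and stores the result under a server-generated name.

```php
<?php
declare(strict_types=1);

// Content types accepted as images and the extension each is normalised to.
// The client-supplied name and $_FILES[...]['type'] are never consulted.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
];

/**
 * Validates that $path holds a real image and returns its normalised extension.
 * Throws RuntimeException on anything that should not be stored.
 */
function validateImageUpload(string $path): string
{
    // 1. Derive the MIME type from the bytes (libmagic), not from the request.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException("rejected: content type '$mime' is not an allowed image");
    }

    // 2. The image headers must parse.
    if (@getimagesize($path) === false) {
        throw new RuntimeException('rejected: file does not parse as an image');
    }

    // 3. A valid image can still carry PHP in a comment or in trailing bytes
    //    (a polyglot). Refuse any file containing a PHP open tag outright.
    $data = file_get_contents($path);
    if ($data === false || preg_match('/<\?(php\b|=)/i', $data) === 1) {
        throw new RuntimeException('rejected: PHP open tag found inside image');
    }

    return ALLOWED_IMAGE_TYPES[$mime];
}

/**
 * Stores a validated upload under a server-generated name, re-encoding it
 * through GD so that only pixel data (no embedded payload) reaches disk.
 * $destDir must be outside the document root or have PHP execution disabled.
 */
function storeImageUpload(string $tmpPath, string $destDir): string
{
    $ext = validateImageUpload($tmpPath);
    $img = imagecreatefromstring((string) file_get_contents($tmpPath));
    if ($img === false) {
        throw new RuntimeException('rejected: GD could not decode the image');
    }
    // Random name: the original file name is never reused.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    $ok = match ($ext) {
        'jpg'  => imagejpeg($img, $dest, 90),
        'png'  => imagepng($img, $dest),
        'gif'  => imagegif($img, $dest),
        'webp' => imagewebp($img, $dest),
    };
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('could not write re-encoded image');
    }
    return $dest;
}

// --- Constructed demo inputs (not real uploads) ----------------------------
$dir = sys_get_temp_dir() . '/upload-demo-' . bin2hex(random_bytes(4));
mkdir($dir);

// a) "shell.jpg": image extension, PHP content. Must be rejected.
$fake = $dir . '/shell.jpg';
file_put_contents($fake, "<?php system(\$_GET['c']); ?>");

// b) A genuine 2x2 PNG generated with GD. Must be accepted and re-encoded.
$real = $dir . '/real.png';
$src  = imagecreatetruecolor(2, 2);
imagepng($src, $real);
imagedestroy($src);

foreach ([$fake, $real] as $candidate) {
    try {
        $stored = storeImageUpload($candidate, $dir);
        echo basename($candidate), " -> stored as ", basename($stored), "\n";
    } catch (RuntimeException $e) {
        echo basename($candidate), " -> ", $e->getMessage(), "\n";
    }
}
```

In a real handler the temporary path comes from `$_FILES['file']['tmp_name']` and `is_uploaded_file()` should be checked first. The open-tag scan in step 3 is defence in depth only: the control that actually stops this bug class is that nothing under the upload directory is ever handed to the PHP interpreter, whether by serving uploads from a separate host or by disabling the PHP handler for that path in the web server configuration.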
Affected Version(s)
aimeos-core: >= 2024.04.1, < 2024.04.5
CVSS V3.1
Score: 7.2
Severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Collectors: NVD Database, Mitre Database