Vulnerability Description
An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Home-Made | Fastmag Sync | <= 1.7.51 |
Related Weaknesses (CWE)
References
- http://fastmagsync.comBroken Link
- http://home-madeio.comBroken Link
- https://reference1.example.com/modules/fastmagsync/crons/cron_mutualise_job_queuBroken Link
- https://security.friendsofpresta.org/modules/2024/03/19/fastmagsync.htmlThird Party Advisory
- https://www.home-made.io/module-fastmag-sync-prestashop/Product
- http://fastmagsync.comBroken Link
- http://home-madeio.comBroken Link
- https://reference1.example.com/modules/fastmagsync/crons/cron_mutualise_job_queuBroken Link
- https://security.friendsofpresta.org/modules/2024/03/19/fastmagsync.htmlThird Party Advisory
- https://www.home-made.io/module-fastmag-sync-prestashop/Product
FAQ
What is CVE-2024-28386?
CVE-2024-28386 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.
How severe is CVE-2024-28386?
CVE-2024-28386 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-28386?
Check the references section above for vendor advisories and patch information. Affected products include: Home-Made Fastmag Sync.