Vulnerability Description
File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.
CVSS Score
8.0
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cubecart | Cubecart | < 6.5.5 |
Related Weaknesses (CWE)
References
- https://forums.cubecart.com/topic/59046-cubecart-655-released-minor-security-upd (Release Notes)
- https://github.com/cubecart/v6 (Product)
- https://github.com/cubecart/v6/commit/31a5ec39b0924b2111fbc3aa419bd8c5c3fc1841 (Patch)
- https://github.com/julio-cfa/CVE-2024-33438 (Broken Link, Exploit, Third Party Advisory)
FAQ
What is CVE-2024-33438?
CVE-2024-33438 is a vulnerability with a CVSS score of 8.0 (HIGH). File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.
How severe is CVE-2024-33438?
CVE-2024-33438 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-33438?
Check the references section above for vendor advisories and patch information. Affected products include Cubecart Cubecart, versions before 6.5.5.