CVE-2024-33438

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-33438

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33438.json

Published

2024-04-29T18:15:08Z

Modified

2024-05-14T13:11:17.240182Z

Summary

[none]

Details

File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.

References

Affected packages

Git / github.com/cubecart/v6

Affected ranges

Type: GIT
Repo: https://github.com/cubecart/v6
Events: Introduced

0The exact introduced commit is unknown

Fixed

31a5ec39b0924b2111fbc3aa419bd8c5c3fc1841

Affected versions

6.*

6.1.11pr

6.2.0-b1

v2.*

v2.6.7

v6.*

v6.0.0

v6.0.0b1

v6.0.0b2

v6.0.0b3

v6.0.0b4

v6.0.0b5

v6.0.0b6

v6.0.0b7

v6.0.1

v6.0.10

v6.0.11

v6.0.12

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.8

v6.0.9

v6.1.0

v6.1.1

v6.1.10

v6.1.11

v6.1.12

v6.1.13

v6.1.14

v6.1.15

v6.1.2

v6.1.3

v6.1.4

v6.1.5

v6.1.6

v6.1.7

v6.1.8

v6.1.9

v6.2.0

v6.2.0-b1

v6.2.0-rc1

v6.2.0-rc2

v6.2.1

v6.2.2

v6.2.3

v6.2.4

v6.2.5

v6.2.6

v6.2.8

v6.2.9

v6.4.0

v6.4.0-b1

v6.4.0-b2

v6.4.1

v6.4.10

v6.4.2

v6.4.3

v6.4.4

v6.4.5

v6.4.6

v6.4.7

v6.4.8

v6.4.9

v6.5.0

v6.5.1

v6.5.2

v6.5.3

v6.5.4