CVE-2024-33438
- Source
- https://cve.org/CVERecord?id=CVE-2024-33438
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-33438.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-33438
- Published
- 2024-04-29T18:15:08.047Z
- Modified
- 2025-11-20T12:26:32.466572Z
- Severity
-
- 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.
- References
Affected packages
Git / github.com/cubecart/v6
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cubecart/v6
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
6.*
6.1.11pr
6.2.0-b1
v2.*
v2.6.7
v6.*
v6.0.0
v6.0.0b1
v6.0.0b2
v6.0.0b3
v6.0.0b4
v6.0.0b5
v6.0.0b6
v6.0.0b7
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.8
v6.0.9
v6.1.0
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.2
v6.1.3
v6.1.4
v6.1.5
v6.1.6
v6.1.7
v6.1.8
v6.1.9
v6.2.0
v6.2.0-b1
v6.2.0-rc1
v6.2.0-rc2
v6.2.1
v6.2.2
v6.2.3
v6.2.4
v6.2.5
v6.2.6
v6.2.8
v6.2.9
v6.4.0
v6.4.0-b1
v6.4.0-b2
v6.4.1
v6.4.10
v6.4.2
v6.4.3
v6.4.4
v6.4.5
v6.4.6
v6.4.7
v6.4.8
v6.4.9
v6.5.0
v6.5.1
v6.5.2
v6.5.3
v6.5.4