CVE-2024-37295

Source
https://cve.org/CVERecord?id=CVE-2024-37295
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-37295.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-37295
Published
2024-06-11T14:38:17.416Z
Modified
2026-03-14T12:34:29.541121Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Aimeos Core remote code execution in web server context
Details

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version 2024.04.5 fixes the issue.

Database specific
{
    "cwe_ids": [
        "CWE-73"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/37xxx/CVE-2024-37295.json",
    "cna_assigner": "GitHub_M"
}
Affected packages

Git / github.com/aimeos/aimeos-core

Affected ranges

Type
GIT
Repo
https://github.com/aimeos/aimeos-core
Events
Database specific
{
    "versions": [
        {
            "introduced": "2024.04.1"
        },
        {
            "fixed": "2024.04.5"
        }
    ]
}

Affected versions

2024.*
2024.04.1
2024.04.2
2024.04.3
2024.04.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-37295.json"