GHSA-rhc2-23c2-ww7c

Source

https://github.com/advisories/GHSA-rhc2-23c2-ww7c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-rhc2-23c2-ww7c/GHSA-rhc2-23c2-ww7c.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rhc2-23c2-ww7c

Aliases

CVE-2024-37295

Published

2024-06-05T13:29:47Z

Modified

2024-06-11T21:14:02.296786Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Remote code execution in web server context

Details

Impact

User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web server.

Database specific

{
    "nvd_published_at": "2024-06-11T15:16:09Z",
    "cwe_ids": [
        "CWE-73"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-05T13:29:47Z"
}

References

Affected packages

Packagist / aimeos/aimeos-core

Package

Name: aimeos/aimeos-core
Purl: pkg:composer/aimeos/aimeos-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2024.04.1

Fixed

2024.04.5

Affected versions

2024.*

2024.04.1

2024.04.2

2024.04.3

2024.04.4