7.2
CVE-2024-41924
- EPSS 0.11%
- Published 30.07.2024 09:15:05
- Last modified 18.03.2025 19:15:43
- Source vultures@jpcert.or.jp
- Teams watchlist Login
- Open Login
Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some known vulnerabilities.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Vendorec-cube
≫
Product
ec-cube
Default Statusunknown
Version <=
4.0.6-p4
Version
4.0.0
Status
affected
Vendorec-cube
≫
Product
ec-cube
Default Statusunknown
Version <=
4.1.2-p3
Version
4.1.0
Status
affected
Vendorec-cube
≫
Product
ec-cube
Default Statusunknown
Version <=
4.2.3
Version
4.2.0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.301 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.