CVE-2024-28386
CRITICALfastmag_sync < 1.7.51 - Remote Code Execution via getPhpBin() Component
Title source: llmDescription
An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.
References (5)
Core 5
Core References
Broken Link
http://fastmagsync.com
Broken Link
http://home-madeio.com
Third Party Advisory
https://security.friendsofpresta.org/modules/2024/03/19/fastmagsync.html
Scores
CVSS v3
9.8
EPSS
0.0145
EPSS Percentile
70.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (1)
home-made/fastmag_sync
< 1.7.51
Published
Mar 25, 2024
Tracked Since
Feb 18, 2026