CVE-2024-33438

HIGH

Cubecart < 6.5.5 - Unrestricted File Upload

Title source: rule
STIX 2.1

Description

File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file.

Exploits (1)

nomisec WORKING POC 3 stars
by julio-cfa · poc
https://github.com/julio-cfa/CVE-2024-33438

References (4)

Scores

CVSS v3 8.0
EPSS 0.0020
EPSS Percentile 41.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
cubecart/cubecart < 6.5.5
Published Apr 29, 2024
Tracked Since Feb 18, 2026