CVE-2024-34832

CRITICAL

CubeCart < 6.5.5 - Path Traversal and Arbitrary Code Execution via _g and node Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-34832. PoCs published by julio-cfa.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2024-34832, a directory traversal vulnerability in CubeCart that can lead to RCE. It explains how the `_g` and `node` parameters are used to include `.inc.php` files and demonstrates the exploitation process with prerequisites and screenshots.

Description

Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.

Exploits (1)

nomisec WRITEUP

by julio-cfa · poc

https://github.com/julio-cfa/CVE-2024-34832

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2024-34832, a directory traversal vulnerability in CubeCart that can lead to RCE. It explains how the `_g` and `node` parameters are used to include `.inc.php` files and demonstrates the exploitation process with prerequisites and screenshots.

Classification

Writeup 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: CubeCart

Auth required

Prerequisites: Access to the admin panel · Ability to upload `.inc.php` files anywhere on the server

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/julio-cfa/CVE-2024-34832

Scores

CVSS v3 9.8

EPSS 0.0501

EPSS Percentile 91.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-22

Status published

Products (1)

cubecart/cubecart < 6.5.5

Published Jun 06, 2024

Tracked Since Feb 18, 2026