← volver
CVE-2024-22724

CVE-2024-22724

CVSS 6.6 MEDIUMEPSS 0.3%CWE-94
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
21 mar 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Productos afectados
n/a · n/a