Home > Vulnerability Database > CVE-2024-41924

Mend.io Vulnerability Database

CVE-2024-41924

Good to know:

Date: July 30, 2024

Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some known vulnerabilities.

Language: PHP

Severity Score

6.8

Related Resources (4)

Url: https://www.ec-cube.net/info/weakness/20240701/index.php

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-41924

Url: https://jvn.jp/en/jp/JVN48324254/

Url: https://www.mend.io/vulnerability-database/CVE-2024-41924

Severity Score

6.8

Top Fix

Upgrade Version

Upgrade to version ec-cube/ec-cube-4.0.6-p5,4.1.2-p4,4.2.3-p1

Learn More

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-41924

Good to know:

Date: July 30, 2024

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?