Home > Vulnerability Database > CVE-2024-37295

Mend.io Vulnerability Database

CVE-2024-37295

Date: June 11, 2024

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version 2024.04.5 fixes the issue.

Language: PHP

Severity Score

7.2

Related Resources (4)

Url: https://github.com/aimeos/aimeos-core/security/advisories/GHSA-rhc2-23c2-ww7c

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-37295

Url: https://github.com/aimeos/aimeos-core

Url: https://www.mend.io/vulnerability-database/CVE-2024-37295

Severity Score

7.2

Weakness Type (CWE)

External Control of File Name or Path

CWE-73

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-37295

Date: June 11, 2024

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?