CVE-2024-22724

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.

CVSS v3 6.6 MEDIUM

6.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/osCommerce/osCommerce-V4/issues/62	Exploit Issue Tracking Third Party Advisory
https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c	Exploit Third Party Advisory
https://github.com/osCommerce/osCommerce-V4/issues/62	Exploit Issue Tracking Third Party Advisory
https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oscommerce:oscommerce:4.0:*:*:*:*:*:*:*

History

27 Jun 2025, 15:21

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oscommerce:oscommerce:4.0:::::::*
First Time		Oscommerce oscommerce Oscommerce
References	~~() https://github.com/osCommerce/osCommerce-V4/issues/62 -~~	() https://github.com/osCommerce/osCommerce-V4/issues/62 - Exploit, Issue Tracking, Third Party Advisory
References	~~() https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c -~~	() https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c - Exploit, Third Party Advisory

Information

Published : 2024-03-21 04:15

Updated : 2025-06-27 15:21

NVD link : CVE-2024-22724

Mitre link : CVE-2024-22724

CVE.ORG link : CVE-2024-22724

JSON object : View

Products Affected

oscommerce

oscommerce

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2024-22724", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 1.8}]}, "published": "2024-03-21T04:15:09.327", "references": [{"url": "https://github.com/osCommerce/osCommerce-V4/issues/62", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/osCommerce/osCommerce-V4/issues/62", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://medium.com/%40cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en osCommerce v4 que permite a atacantes locales eludir las restricciones de carga de archivos y ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n de carga de fotos de perfil del administrador."}], "lastModified": "2025-06-27T15:21:43.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oscommerce:oscommerce:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D289144B-230C-46DA-B11D-9A1D3A1DFCE9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}