CVE-2024-41924

Published: Jul 30, 2024

Modified: Mar 18, 2025

PUBLISHED

Description

Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some known vulnerabilities.

Vendor	Product	Versions
EC-CUBE CO.,LTD.	EC-CUBE 4 series	affected `4.0.0 to 4.0.6-p4` affected `4.1.0 to 4.1.2-p3` affected `and 4.2.0 to 4.2.3`

References

https://www.ec-cube.net/info/weakness/20240701/index.php

https://jvn.jp/en/jp/JVN48324254/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-41924

Description

Affected Products

References