CVE-2024-41924

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-349
View all →

Vulnerability Description

Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some known vulnerabilities.

Related Vulnerabilities

CVE-2023-44317

HIGH
CVSS:7.2(High)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M80...

CWE-3492023

CVE-2024-53848

HIGH
CVSS:7.1(High)

check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. `https://exa...

CWE-3492024

CVE-2025-27415

HIGH
CVSS:7.5(High)

Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache ...

CWE-3492025

CVE-2025-29816

HIGH
CVSS:7.5(High)

Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.

CWE-3492025

CVE-2025-29842

HIGH
CVSS:7.5(High)

Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.

CWE-3492025

CVE-2020-8023

HIGH
CVSS:7.8(High)

A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise D...

CWE-3492020