CVE-2024-22550

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 26, 2024

Updated: Feb 2, 2024

CWE ID 434

Summary

CVE-2024-22550 is a serious vulnerability affecting ShopSite version 14.0. The issue lies in the /alsdemo/ss/mediam.cgi component, where an arbitrary file upload function is exploitable. An attacker can upload a specially crafted SVG file to execute arbitrary code, potentially leading to unauthorized system access or data theft. This vulnerability poses a significant risk to websites using ShopSite v14.0 and requires immediate attention and patching to mitigate potential threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Shopsite

Affected Vendors

SHOP SITE

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uGv1Jx
https://www.cve.org/CVERecord?id=CVE-2024-22550
https://nvd.nist.gov/vuln/detail/CVE-2024-22550

Back to Vulnerability Database