CVE-2024-43138

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 13, 2024

Updated: Sep 12, 2024

CWE ID 22

Summary

CVE-2024-43138 is a path traversal vulnerability affecting MagePeople Team Event Manager for WooCommerce. The issue arises due to improper limitation of a pathname, enabling an attacker to include PHP files locally. This can potentially lead to remote code execution. The affected version range is from n/a to 4.2.1. Users are advised to update to a patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xkOW0q
https://www.cve.org/CVERecord?id=CVE-2024-43138
https://nvd.nist.gov/vuln/detail/CVE-2024-43138

Back to Vulnerability Database

CVE-2024-43138

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations