How severe is CVE-2024-5762?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-5762?

This is classified as CWE-98, which is a common weakness in software security.

CVE-2024-5762 - HIGH Severity | CVSS 8.1

Vulnerability Description

Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the findPluginAdminPage function. The issue results from the lack of proper validation of user-supplied data prior to passing it to a PHP include function. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-21408.

Related Vulnerabilities

CVE-2017-14095

HIGH

CVSS:8.1(High)

A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system...

CWE-982017

CVE-2021-21804

HIGH

CVSS:8.1(High)

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code e...

CWE-982021

CVE-2024-11289

HIGH

CVSS:8.1(High)

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_fun...

CWE-982024

CVE-2024-21687

HIGH

CVSS:8.1(High)

This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. This File Inclusion vulnerability, with ...

CWE-982024

CVE-2024-36569

HIGH

CVSS:8.1(High)

Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php.

CWE-982024

CVE-2024-52381

HIGH

CVSS:8.1(High)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Shoaib Rehmat ZIJ KART allows PHP Local File Inclusion.This issue affects ZIJ K...

CWE-982024