Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-DBE9F367970D1BEBBE7D908CD2B5F7EF

HistoryJun 05, 2024 - 12:00 a.m.

Remote code execution in web server context

2024-06-0500:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

remote code execution

web server

administrative privileges

php code

software

7.5 High

AI Score

Confidence

Low

JSON

User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web server.

Affected configurations

Vulners

Node

packagistaimeos-coreRange2024.04.1≥

packagistaimeos-coreRange<2024.04.5

CPENameOperatorVersion
packagist/aimeos/aimeos-corege2024.04.1
packagist/aimeos/aimeos-corelt2024.04.5

CPE	Name	Operator	Version
	packagist/aimeos/aimeos-core	ge	2024.04.1
	packagist/aimeos/aimeos-core	lt	2024.04.5

References

github.com/advisories/GHSA-rhc2-23c2-ww7c

github.com/aimeos/aimeos-core

github.com/aimeos/aimeos-core/security/advisories/GHSA-rhc2-23c2-ww7c

7.5 High

AI Score

Confidence

Low

JSON