CVE-2024-37295: Remote code execution in web server context

June 5, 2024 (updated June 11, 2024)

User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web server.

References

github.com/advisories/GHSA-rhc2-23c2-ww7c
github.com/aimeos/aimeos-core
github.com/aimeos/aimeos-core/security/advisories/GHSA-rhc2-23c2-ww7c
nvd.nist.gov/vuln/detail/CVE-2024-37295

Detect and mitigate CVE-2024-37295 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →