CVE-2024-25415

Name of the Vulnerable Software and Affected Versions CE Phoenix versions 1.0.8.20

Description The issue is related to incorrect code generation management in the /admin/define language.php script of the CE Phoenix e-commerce software. This allows a remote attacker to execute arbitrary code by injecting a crafted payload into the english.php file. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For version 1.0.8.20, consider disabling access to the /admin/define language.php script until a patch is available. Restrict modifications to the english.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.