PT-2024-35338 · Shopready · Shopready
João Pedro S Alcântara
·
Published
2024-11-28
·
Updated
2024-11-28
·
CVE-2024-52497
CVSS v3.1
7.5
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Shopready versions n/a through 3.5
Description
The issue affects the Shopready PHP application, allowing for PHP Local File Inclusion due to improper control of filename for include/require statement. This is related to a 'PHP Remote File Inclusion' vulnerability.
Recommendations
For versions n/a through 3.5, update to a version that fixes the improper control of filename for include/require statement issue to prevent PHP Local File Inclusion.
As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Shopready