CVE-2024-50497 | THREATINT

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuyNowDepot Advanced Online Ordering and Delivery Platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through 2.0.0.

PUBLISHED Reserved 2024-10-24 | Published 2024-10-28 | Updated 2024-10-28 | Assigner Patchstack

HIGH: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Product status

Default status

unaffected

Any version

affected

Credits

stealthcopter (Patchstack Alliance) finder

References

patchstack.com/...cal-file-inclusion-vulnerability?_s_id=cve vdb-entry

cve.org (CVE-2024-50497)

nvd.nist.gov (CVE-2024-50497)

Download JSON