CVE-2024-22724

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt