osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-22724)
Description
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.