CVE-2024-34832
CubeCart - Directory Traversal May Lead To RCE (CVE-2024-34832)
TL;DR
In the admin panel, parameters such as _g and node are used to construct the path to include incphp files and execute PHP code A malicious user with the ability to upload incphp files anywhere on the server can exploit a path traversal vulnerability to include them and execute malicious code
Prerequisit