Vulnerabilities > CVE-2024-50497 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Buynowdepot Advanced Online Ordering and Delivery Platform

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

buynowdepot

CWE-829

critical

NVD

Published: 2024-10-28

Updated: 2024-10-31

Summary

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BuyNowDepot Advanced Online Ordering and Delivery Platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through 2.0.0.

Vulnerable Configurations

Part	Description	Count
Application	Buynowdepot Buynowdepot Advanced Online Ordering AND Delivery Platform *	1

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

References

https://patchstack.com/database/vulnerability/advanced-online-ordering-and-delivery-platform/wordpress-advanced-online-ordering-and-delivery-platform-plugin-2-0-0-local-file-inclusion-vulnerability?_s_id=cve