CVE-2024-28386 - Vulnerability Details - OpenCVE

An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01824.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Home-made	Fastmag Sync
Home-made Io	Fastmagsync

Configuration 1 [-]

cpe:2.3:a:home-made:fastmag_sync:*:*:*:*:*:prestashop:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-25484	An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://fastmagsync.com
http://home-madeio.com
https://reference1.example.com/modules/fastmagsync/crons/cron_mutualise_job_queue.php?hosting=.%20%26%20%20echo%20%27%3C%3Fphp%20echo%20%2242ovh%22%3B%27%20%3E%20a.php%3B%23&syncway=tofastmag
https://security.friendsofpresta.org/modules/2024/03/19/fastmagsync.html
https://www.home-made.io/module-fastmag-sync-prestashop/

History

Thu, 18 Sep 2025 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Home-made Home-made fastmag Sync
CPEs		cpe:2.3:a:home-made:fastmag_sync::::::prestashop::*
Vendors & Products		Home-made Home-made fastmag Sync

Thu, 10 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Home-made Io Home-made Io fastmagsync
CPEs		cpe:2.3:a:home-made_io:fastmagsync::::::::
Vendors & Products		Home-made Io Home-made Io fastmagsync
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-03-25T00:00:00.000Z

Updated: 2025-04-10T18:32:48.201Z

Reserved: 2024-03-08T00:00:00.000Z

Link: CVE-2024-28386

Vulnrichment

Updated: 2024-08-02T00:56:56.449Z

NVD

Status : Analyzed

Published: 2024-03-25T14:15:09.553

Modified: 2025-09-18T16:41:01.477

Link: CVE-2024-28386

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-28386", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-04-10T18:32:48.201Z", "dateReserved": "2024-03-08T00:00:00.000Z", "datePublished": "2024-03-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-25T13:16:48.584Z"}, "descriptions": [{"lang": "en", "value": "An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://fastmagsync.com"}, {"url": "http://home-madeio.com"}, {"url": "https://reference1.example.com/modules/fastmagsync/crons/cron_mutualise_job_queue.php?hosting=.%20%26%20%20echo%20%27%3C%3Fphp%20echo%20%2242ovh%22%3B%27%20%3E%20a.php%3B%23&syncway=tofastmag"}, {"url": "https://www.home-made.io/module-fastmag-sync-prestashop/"}, {"url": "https://security.friendsofpresta.org/modules/2024/03/19/fastmagsync.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "affected": [{"vendor": "home-made_io", "product": "fastmagsync", "cpes": ["cpe:2.3:a:home-made_io:fastmagsync:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "v1.7.51", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-26T19:26:34.534758Z", "id": "CVE-2024-28386", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T18:32:48.201Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:56:56.449Z"}, "title": "CVE Program Container", "references": [{"url": "http://fastmagsync.com", "tags": ["x_transferred"]}, {"url": "http://home-madeio.com", "tags": ["x_transferred"]}, {"url": "https://reference1.example.com/modules/fastmagsync/crons/cron_mutualise_job_queue.php?hosting=.%20%26%20%20echo%20%27%3C%3Fphp%20echo%20%2242ovh%22%3B%27%20%3E%20a.php%3B%23&syncway=tofastmag", "tags": ["x_transferred"]}, {"url": "https://www.home-made.io/module-fastmag-sync-prestashop/", "tags": ["x_transferred"]}, {"url": "https://security.friendsofpresta.org/modules/2024/03/19/fastmagsync.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://fastmagsync.com", "tags": ["x_transferred"]}, {"url": "http://home-madeio.com", "tags": ["x_transferred"]}, {"url": "https://reference1.example.com/modules/fastmagsync/crons/cron_mutualise_job_queue.php?hosting=.%20%26%20%20echo%20%27%3C%3Fphp%20echo%20%2242ovh%22%3B%27%20%3E%20a.php%3B%23&syncway=tofastmag", "tags": ["x_transferred"]}, {"url": "https://www.home-made.io/module-fastmag-sync-prestashop/", "tags": ["x_transferred"]}, {"url": "https://security.friendsofpresta.org/modules/2024/03/19/fastmagsync.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:56:56.449Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-28386", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-26T19:26:34.534758Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:home-made_io:fastmagsync:*:*:*:*:*:*:*:*"], "vendor": "home-made_io", "product": "fastmagsync", "versions": [{"status": "affected", "version": "v1.7.51"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T17:56:17.750Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://fastmagsync.com"}, {"url": "http://home-madeio.com"}, {"url": "https://reference1.example.com/modules/fastmagsync/crons/cron_mutualise_job_queue.php?hosting=.%20%26%20%20echo%20%27%3C%3Fphp%20echo%20%2242ovh%22%3B%27%20%3E%20a.php%3B%23&syncway=tofastmag"}, {"url": "https://www.home-made.io/module-fastmag-sync-prestashop/"}, {"url": "https://security.friendsofpresta.org/modules/2024/03/19/fastmagsync.html"}], "descriptions": [{"lang": "en", "value": "An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-25T13:16:48.584Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28386", "state": "PUBLISHED", "dateUpdated": "2025-04-10T18:32:48.201Z", "dateReserved": "2024-03-08T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-03-25T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:home-made:fastmag_sync:*:*:*:*:*:prestashop:*:*", "matchCriteriaId": "32DECB99-6E13-4505-B323-2A7E73BFD6DB", "versionEndIncluding": "1.7.51", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component."}, {"lang": "es", "value": "Un problema en Home-Made.io fastmagsync v.1.7.51 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente getPhpBin()."}], "id": "CVE-2024-28386", "lastModified": "2025-09-18T16:41:01.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-25T14:15:09.553", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://fastmagsync.com"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://home-madeio.com"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://reference1.example.com/modules/fastmagsync/crons/cron_mutualise_job_queue.php?hosting=.%20%26%20%20echo%20%27%3C%3Fphp%20echo%20%2242ovh%22%3B%27%20%3E%20a.php%3B%23&syncway=tofastmag"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.friendsofpresta.org/modules/2024/03/19/fastmagsync.html"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.home-made.io/module-fastmag-sync-prestashop/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://fastmagsync.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://home-madeio.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://reference1.example.com/modules/fastmagsync/crons/cron_mutualise_job_queue.php?hosting=.%20%26%20%20echo%20%27%3C%3Fphp%20echo%20%2242ovh%22%3B%27%20%3E%20a.php%3B%23&syncway=tofastmag"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.friendsofpresta.org/modules/2024/03/19/fastmagsync.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.home-made.io/module-fastmag-sync-prestashop/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}