PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)
This is the PoC for CVE-2018-19126. It chains multiple vulnerabilities in the PrestaShop Back Office to trigger deserialization via phar and achieve remote code execution.
Prerequisites:
PrestaShop 1.6.x before 1.6.1.23 or 1.7.x before 1.7.4.4
Back Office account (logistician, translator, salesman, etc.)