CVE-2018-19125

Published: 09/11/2018 Updated: 03/10/2019
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote malicious users to delete an image directory.

Vulnerable Product

prestashop prestashop

Exploits

PrestaShop versions 1.6.x and 1.7.x suffer from a remote code execution vulnerability ...

Github Repositories

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

PrestaShop Back Office Remote Code Execution (CVE-2018-19126)

This is the PoC for CVE-2018-19126, chaining multiple vulnerabilities in PrestaShop Back Office to trigger deserialization via phar to achieve remote code execution.

Prerequisite: PrestaShop 1.6.x before 1.6.1.23 or 1.7.x before 1.7.4.4; Back Office account (logistician, translator, salesman, etc.)