CVE-2018-19126

Published: 09/11/2018 Updated: 12/12/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.

Affected Products

Vendor: Prestashop
Product: Prestashop
Versions: 1.6.0.1, 1.6.0.2, 1.6.0.3, 1.6.0.4, 1.6.0.5, 1.6.0.6, 1.6.0.7, 1.6.0.8, 1.6.0.9, 1.6.0.10, 1.6.0.11, 1.6.0.12, 1.6.0.13, 1.6.0.14, 1.6.1.0, 1.6.1.1, 1.6.1.2, 1.6.1.3, 1.6.1.4, 1.6.1.5, 1.6.1.6, 1.6.1.7, 1.6.1.8, 1.6.1.9, 1.6.1.10, 1.6.1.11, 1.6.1.12, 1.6.1.13, 1.6.1.14, 1.6.1.15, 1.6.1.16, 1.6.1.17, 1.6.1.18, 1.6.1.19, 1.7.0.0, 1.7.0.1, 1.7.0.2, 1.7.0.3, 1.7.0.4, 1.7.0.5, 1.7.0.6, 1.7.1.0, 1.7.1.1, 1.7.1.2, 1.7.2.0, 1.7.2.1, 1.7.2.2, 1.7.2.3, 1.7.2.4, 1.7.2.5, 1.7.3.0, 1.7.3.1, 1.7.3.2, 1.7.3.3

Mailing Lists

PrestaShop versions 1.6.x and 1.7.x suffer from a remote code execution vulnerability ...

Github Repositories

PrestaShop Back Office Remote Code Execution (CVE-2018-19126)
This is the PoC for CVE-2018-19126, chaining multiple vulnerabilities in the PrestaShop Back Office to trigger deserialization via phar to achieve remote code execution.
Prerequisite: PrestaShop 1.6.x before 1.6.1.23 or 1.7.x before 1.7.4.4; a Back Office account (logistician, translator, salesman, etc.). PrestaShop rel

PrestaShop security vulnerability checker
The library and the tool to check PrestaShop for vulnerabilities. The tool home page and the support page: prestashop.modulez.ru. The full description, how to use it and the stable release for download are available there. Report example: PrestaShop security vulnerability checker (homepage: prestashop.modulez.ru/en/tools-scripts/70