CVE-2018-19126

Published: 09/11/2018 | Updated: 12/12/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote malicious users to execute arbitrary code via a file upload.

Vulnerable Product

prestashop prestashop

Exploits

PrestaShop versions 1.6.x and 1.7.x suffer from a remote code execution vulnerability ...

Github Repositories

PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)

PrestaShop Back Office Remote Code Execution (CVE-2018-19126)

This is the PoC for CVE-2018-19126, chaining multiple vulnerabilities in PrestaShop Back Office to trigger deserialization via phar to achieve remote code execution.

Prerequisite:
PrestaShop 1.6.x before 1.6.1.23 or 1.7.x before 1.7.4.4
Back Office account (logistician, translator, salesman, etc)