An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server).
References
Link | Resource |
---|---|
https://github.com/Fckroun/CVE-2024-41651/tree/main | Exploit Third Party Advisory |
Configurations
History
09 Oct 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server). |
03 Oct 2024, 13:45
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
References | () https://github.com/Fckroun/CVE-2024-41651/tree/main - Exploit, Third Party Advisory | |
CWE | CWE-918 | |
First Time |
Prestashop prestashop
Prestashop |
14 Aug 2024, 21:35
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-94 |
12 Aug 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-12 17:15
Updated : 2024-10-09 18:15
NVD link : CVE-2024-41651
Mitre link : CVE-2024-41651
CVE.ORG link : CVE-2024-41651
JSON object : View
Products Affected
prestashop
- prestashop