Description

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.

Remediation

References

CVE-2018-19126

Related Vulnerabilities

Joomla! Core 3.9.x Cross-Site Request Forgery (3.9.0 - 3.9.22)

Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-6188)

Django Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-19844)

MySQL CVE-2024-21272 Vulnerability (CVE-2024-21272)

Joomla! Core 1.5.x Cross-Site Scripting (1.5.0 - 1.5.9)

Severity

Critical

Classification

CVE-2018-19126 CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities