Description PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module Remediation References CVE-2013-6295 Related Vulnerabilities WordPress Plugin Craw Data Server-Side Request Forgery (1.0.0) Apache 2.x version older than 2.2.8 Nexus Repository Manager Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-43961) WordPress Plugin YITH WooCommerce Badge Management Security Bypass (1.3.19) WordPress Plugin Helios Solutions Brand Logo Slider Arbitrary File Upload (2.1) Severity Critical Classification CVE-2013-6295 CWE-269 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities