Description

PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory.

Remediation

References

CVE-2013-6358

Related Vulnerabilities

WordPress Plugin Custom Post Type Relations Cross-Site Scripting (1.0)

WordPress Plugin eCommerce Product Catalog for WordPress Cross-Site Request Forgery (2.9.43)

Ruby on Rails Data Processing Errors Vulnerability (CVE-2014-3916)

WordPress Plugin WP-Ban Security Bypass (1.63)

WordPress Plugin WP Easy Columns Cross-Site Scripting (2.1.3)

Severity

High

Classification

CVE-2013-6358 CWE-434 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities