Description

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.

Remediation

References

CVE-2018-19126

Related Vulnerabilities

Apache HTTP Server Use After Free Vulnerability (CVE-2019-0211)

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2020-35452)

WordPress Plugin AMP for WP-Accelerated Mobile Pages Multiple Unspecified Vulnerabilities (0.9.72)

Python Integer Overflow or Wraparound Vulnerability (CVE-2010-1449)

WordPress Plugin Xerte Online 'save.php' Arbitrary File Upload (0.32)

Severity

Critical

Classification

CVE-2018-19126 CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities