|Category:||Web application abuses|
|Title:||PrestaShop 1.7.4.x < 126.96.36.199 & 1.6.1.x < 188.8.131.52 RCE Vulnerability|
|Summary:||PrestaShop allows remote attackers to execute arbitrary code via a file upload.|
PrestaShop allows remote attackers to execute arbitrary code via a file upload.
The issue exists on the file manager integrated in the text editor component in the Back Office.
By exploiting a combination of security vunerabilities, an authenticated user in the Back Office could upload a malicious file
that would then allow him or her to execute arbitrary code on the server.
PrestaShop 1.7.4.x before 184.108.40.206 and 1.6.1.x before 220.127.116.11.
Update PrestaShop to version 18.104.22.168 or 22.214.171.124 respectively.
Common Vulnerability Exposure (CVE) ID: CVE-2018-19126|
|Copyright||This script is Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 72306 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.