|Category:||Web application abuses|
|Title:||PrestaShop 1.7.4.x < 188.8.131.52 & 1.6.1.x < 184.108.40.206 RCE Vulnerability|
|Summary:||PrestaShop allows remote attackers to execute arbitrary code via a file upload.|
PrestaShop allows remote attackers to execute arbitrary code via a file upload.
The issue exists on the file manager integrated in the text editor component in the Back Office.
By exploiting a combination of security vunerabilities, an authenticated user in the Back Office could upload a malicious file
that would then allow him or her to execute arbitrary code on the server.
PrestaShop 1.7.4.x before 220.127.116.11 and 1.6.1.x before 18.104.22.168.
Update PrestaShop to version 22.214.171.124 or 126.96.36.199 respectively.
Common Vulnerability Exposure (CVE) ID: CVE-2018-19126|
|Copyright||This script is Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.