ByteOS Network

NVD Vulnerability Details :

CVE-2018-19355

Analyzed

Source-cve@mitre.org

Published At-19 Nov, 2018 | 00:29

Updated At-02 Jun, 2020 | 14:10

modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles).

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

PrestaShop S.A

>>prestashop>>Versions from 1.5.0.0(inclusive) to 1.7.0.0(inclusive)

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

mypresta>>customer_files_upload>>2018-08-01

cpe:2.3:a:mypresta:customer_files_upload:2018-08-01:*:*:*:*:prestashop:*:*

Weaknesses

CWE ID	Type	Source
CWE-434	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://ia-informatica.com/it/CVE-2018-19355	cve@mitre.org	Exploit Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History