NotCVE - vendor:"Mypresta" product:"Customer Files Upload" version:"2018-08-01"

1 results (0.004 seconds)

CVSS: 9.8EPSS: 11%CPEs: 2EXPL: 1

CVE-2018-19355

https://notcve.org/view.php?id=CVE-2018-19355

19 Nov 2018 — modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). modules/orderfiles/ajax/upload.php en el addon Customer Files Upload 2018-08-01 para PrestaSho... • https://ia-informatica.com/it/CVE-2018-19355 • CWE-434: Unrestricted Upload of File with Dangerous Type •