CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24302
https://notcve.org/view.php?id=CVE-2024-24302
03 Mar 2024 — An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method. Se descubrió un problema en el módulo "Product Designer" (productdesigner) de Tunis Soft para PrestaShop anterior a la versión 1.178.36, que permite a atacantes remotos ejecutar código arbitrario, escalar privilegios y obtener información confidencial a t... • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-productdesigner-502.md • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24307
https://notcve.org/view.php?id=CVE-2024-24307
03 Mar 2024 — Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-productdesigner-22.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •