Tunis Soft

3 exploits Active since Mar 2024
CVE-2024-24302 WRITEUP CRITICAL WRITEUP
Product Designer < 1.178.36 - Remote Code Execution via postProcess() Method
An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method.
CVSS 9.8
CVE-2024-24307 WRITEUP HIGH WRITEUP
Product Designer < 1.178.36 - Path Traversal via ajaxProcessCropImage()
Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method.
CVSS 7.5
CVE-2024-26469 WRITEUP HIGH WRITEUP
Product Designer < 1.178.36 - Server-Side Request Forgery via URL Parameter
Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in the postProcess() method.
CVSS 8.1