Tunis Soft - Security Researcher - Exploit Intelligence Platform

CVE-2024-24302 WRITEUP CRITICAL WRITEUP

Prestalife Product Designer < 1.178.36 - Insecure Deserialization

An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method.

CVSS 9.8

View Code

CVE-2024-24307 WRITEUP HIGH WRITEUP

Prestalife Product Designer < 1.178.36 - Path Traversal

Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method.

CVSS 7.5

View Code

CVE-2024-26469 WRITEUP HIGH WRITEUP

Prestalife Product Designer < 1.178.36 - CSRF

Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in the postProcess() method.

CVSS 8.1

View Code