CVE-2013-6358

HIGH

PrestaShop 1.5.5 - Authenticated Remote Code Execution via Crafted Profile Upload

Title source: llm
STIX 2.1

Description

PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory.

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0372
EPSS Percentile 88.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
prestashop/prestashop 1.5.5.0
Published Jan 23, 2020
Tracked Since Feb 18, 2026