CVE-2018-19125

HIGH

PrestaShop <1.6.1.23, <1.7.4.4 - Path Traversal

Title source: llm

Description

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory.

Exploits (1)

exploitdb WORKING POC
by Fariskhi Vidyan · phpwebappsphp
https://www.exploit-db.com/exploits/45964

References (4)

Scores

CVSS v3 7.5
EPSS 0.1595
EPSS Percentile 94.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Status published
Products (1)
prestashop/prestashop 1.6.0.1 - 1.6.1.23
Published Nov 09, 2018
Tracked Since Feb 18, 2026