CVE-2018-19126

CRITICAL

Prestashop < 1.6.1.23 - Unrestricted File Upload

Title source: rule

Description

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.

Exploits (2)

exploitdb WORKING POC
by Fariskhi Vidyan · phpwebappsphp
https://www.exploit-db.com/exploits/45964
nomisec WORKING POC 40 stars
by farisv · poc
https://github.com/farisv/PrestaShop-CVE-2018-19126

References (4)

Scores

CVSS v3 9.8
EPSS 0.5475
EPSS Percentile 98.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
prestashop/prestashop 1.6.0.1 - 1.6.1.23
Published Nov 09, 2018
Tracked Since Feb 18, 2026