Описание
A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.
A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-25691
- https://github.com/3em0/cve_repo/blob/main/preshop/CVE-2025-25691.md
- https://github.com/PrestaShop/PrestaShop
- http://dem0.com
- http://dem0.com/admin/index.php/improve/design/themes/import?_token=btRUtV2Om2noliZZjeFQZhlMY3gYivjABbPOjP91L6U
- http://prestashop.com
Связанные уязвимости
CVSS3: 6.5
nvd
6 месяцев назад
A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.