exploitDog

CVE-2024-24302

Опубликовано: 03 мар. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method.

Ссылки

https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-productdesigner-502.md
Third Party Advisory
https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-productdesigner-502.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestalife:product_designer:*:*:*:*:*:prestashop:*:*

Версия до 1.178.36 (исключая)

EPSS

Процентиль: 81%

0.01591

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-2rpq-p6fh-7mx6

CVSS3: 9.8

github

почти 2 года назад

An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method.

EPSS

Процентиль: 81%

0.01591

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-502