Vulnerability in N/a
CVE-2018-19126
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.
EPSS: 0.537 (98.0th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- github.com/PrestaShop/PrestaShop/pull/11286 (x_refsource_MISC)
- github.com/PrestaShop/PrestaShop/pull/11285 (x_refsource_MISC)
- 45964 (exploit, x_refsource_EXPLOIT-DB)
- build.prestashop.com/news/prestashop-1-7-4-4-1-6-1-23-maintenance-releases/ (x_refsource_MISC)
Frequently asked questions
- What is CVE-2018-19126?
- CVE-2018-19126 is a vulnerability in N/a. Published 2018-11-09.
- Is CVE-2018-19126 known to be exploited?
- 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.