Unrated severityNVD Advisory· Published Aug 12, 2024· Updated Oct 9, 2024

CVE-2024-41651

Description

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server).

Affected products

Prestashop/Prestashopdescription
osv-coords
pkg:bitnami/prestashop
Range: < 9.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Fckroun/CVE-2024-41651/tree/mainmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.026
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000