CVE-2024-41651
Last modified
CVE-2024-41651 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server).. EPSS estimates a 1.26% chance of exploitation in the next 30 days.
Description
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server).
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | Prestashop | <= 8.1.7 |
References
- https://github.com/Fckroun/CVE-2024-41651/tree/mainExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-41651?
How severe is CVE-2024-41651?
How do I fix CVE-2024-41651?
Are you affected by CVE-2024-41651?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST