CVE-2024-41651 - Server-Side Request Forgery (SSRF)

Severity

81%

Complexity

22%

Confidentiality

98%

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality.

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server).

CVSS 3.1 Base Score 8.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Overview

First reported 6 months ago

2024-08-12 17:15:00

Last updated 4 months ago

2024-10-09 18:15:00

Affected Software

Prestashop E-Commerce Solution

References

https://github.com/Fckroun/CVE-2024-41651/tree/main

https://github.com/Fckroun/CVE-2024-41651/tree/main

Exploit, Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.