Vulnerability Details CVE-2024-25846
In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.4%
CVSS Severity
CVSS v3 Score 9.1
References
- https://addons.prestashop.com/fr/import-export-de-donnees/19091-catalogue-de-produits-csv-excel-dimportation.html
- https://security.friendsofpresta.org/modules/2024/02/27/simpleimportproduct.html
- https://addons.prestashop.com/fr/import-export-de-donnees/19091-catalogue-de-produits-csv-excel-dimportation.html
- https://security.friendsofpresta.org/modules/2024/02/27/simpleimportproduct.html
Products affected by CVE-2024-25846
-
cpe:2.3:a:simpleimportproduct_project:simpleimportproduct:6.2.9