CVE-2018-10942

modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file.
References
Link Resource
https://ia-informatica.com/it/CVE-2018-10942 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:attribute_wizard_project:attribute_wizard:1.6.9:*:*:*:*:prestashop:*:*
cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-05-10 03:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-10942

Mitre link : CVE-2018-10942

CVE.ORG link : CVE-2018-10942


JSON object : View

Products Affected

prestashop

  • prestashop

attribute_wizard_project

  • attribute_wizard
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type