Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2018-20717
HistoryJan 15, 2019 - 4:29 p.m.

CVE-2018-20717

2019-01-1516:29:00
Google
osv.dev
1

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer.

Related

osv 1
nvd 1
github 1
cve 1
openvas 1
prion 1
cvelist 1
osv
osv
PrestaShop PHP Object Injection
2022-05-14 01:37:11
nvd
nvd
CVE-2018-20717
2019-01-15 16:29:00
github
github
PrestaShop PHP Object Injection
2022-05-14 01:37:11
cve
cve
CVE-2018-20717
2019-01-15 16:29:00
openvas
openvas
PrestaShop < 1.7.2.5 RCE Vulnerability
2019-01-17 00:00:00
prion
prion
Remote code execution
2019-01-15 16:29:00
cvelist
cvelist
CVE-2018-20717
2019-01-15 16:00:00

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON
Related for OSV:CVE-2018-20717
osv1nvd1github1cve1openvas1prion1cvelist1