2 matches found
CVE-2018-19355
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop 1.5 through 1.7 allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product for upload destinations under...
CVE-2018-19355
CVE-2018-19355 affects the PrestaShop Customer Files Upload addon (version 2018-08-01) with a flaw in modules/orderfiles/ajax/upload.php. An attacker can upload a PHP file via modules/orderfiles/upload.php using auptype values (product, order, or cart) to endpoints under modules/productfiles, mod...