An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component.
[
{
"cpes": [
"cpe:2.3:a:myprestamodules:orders_\\(csv\\,_excel\\)_export_pro:6.0.2:*:*:*:*:*:*:*"
],
"vendor": "myprestamodules",
"product": "orders_\\(csv\\,_excel\\)_export_pro",
"versions": [
{
"status": "affected",
"version": "6.0.2"
}
],
"defaultStatus": "unknown"
}
]