CVE-2024-33836

June 19, 2024, 9:15 p.m.

Tags

cve@mitre.org
2024-06-19
CVE-2024-33836

Product(s) Impacted

JA Marketplace (jamarketplace) from JA Module for PrestaShop

  • 6.X
  • 8.X
  • up to 9.0.1

Description

In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method `JmarketplaceproductModuleFrontController::init()` and in version 8.X, the method `JmarketplaceSellerproductModuleFrontController::init()` allow upload of .php files, which will lead to a critical vulnerability.

Weaknesses

Date

Published: June 19, 2024, 9:15 p.m.

Last Modified: June 19, 2024, 9:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-06-18-jamarketplace.md
cve@mitre.org