CVE-2024-33836
June 19, 2024, 9:15 p.m.
Tags
Product(s) Impacted
JA Marketplace (jamarketplace) from JA Module for PrestaShop
- 6.X
- 8.X
- up to 9.0.1
Description
In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method `JmarketplaceproductModuleFrontController::init()` and in version 8.X, the method `JmarketplaceSellerproductModuleFrontController::init()` allow upload of .php files, which will lead to a critical vulnerability.
Weaknesses
Date
Published: June 19, 2024, 9:15 p.m.
Last Modified: June 19, 2024, 9:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@mitre.org