Today > 3 Critical | 10 High | 10 Medium | 4 Low vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-34990

June 19, 2024, 9:15 p.m.

Product(s) Impacted

PrestaShop Help Desk - Customer Support Management System (helpdesk) module

  • up to 2.4.0

Description

In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket()` allow upload of .php files on a predictable path for connected customers.

Weaknesses

Date

Published: June 19, 2024, 9:15 p.m.

Last Modified: June 19, 2024, 9:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://github.com/ cve@mitre.org