CVE-2024-41651

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Aug 12, 2024

Updated: Oct 9, 2024

CWE ID 94

CWE ID 918

Summary

CVE-2024-41651 is a reported vulnerability in PrestaShop version 8.1.7 and earlier. This issue allegedly allows a remote attacker to execute arbitrary code through the module upgrade functionality. However, it's essential to note that this claim is disputed by several parties, who insist that exploitation is only possible if an attacker manages to hijack network requests made by an admin user, who is granted the permission to modify the running server code.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Prestashop E-Commerce Solution

Affected Vendors

PrestaShop

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xFQgJT
https://www.cve.org/CVERecord?id=CVE-2024-41651
https://nvd.nist.gov/vuln/detail/CVE-2024-41651

Back to Vulnerability Database