CVE-2024-41651 — HIGH (8.1)

Q: How severe is CVE-2024-41651?

CVE-2024-41651 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-41651?

Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Prestashop.

Vulnerability Description

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server).

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Prestashop	Prestashop	<= 8.1.7

Related Weaknesses (CWE)

CWE-94 CWE-918

References

https://github.com/Fckroun/CVE-2024-41651/tree/mainExploitThird Party Advisory

FAQ

What is CVE-2024-41651?

CVE-2024-41651 is a vulnerability with a CVSS score of 8.1 (HIGH). An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitat...

How severe is CVE-2024-41651?

CVE-2024-41651 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-41651?

Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Prestashop.