advanced_form_maker_edit- PrestaShop module vulnerability (CVE-2019-19595)

Moduleadvanced_form_maker_edit

Score

9.8 Critical

Date publish

05-12-2019

Versiones afectadas

Versions from 4.8 up to and including 4.8

Description

reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.

References

https://ia-informatica.com/it/CVE-2019-1...

Exploit Third Party Advisory mitre.org

https://ia-informatica.com/it/CVE-2019-1...

Exploit Third Party Advisory

Metrics

cvssMetricV31
source	nvd@nist.gov
type	Primary
version	3.1
vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
baseScore	9.8
baseSeverity	CRITICAL
attackVector	NETWORK
attackComplexity	LOW
privilegesRequired	NONE
userInteraction	NONE
scope	UNCHANGED
confidentialityImpact	HIGH
integrityImpact	HIGH
availabilityImpact	HIGH
exploitabilityScore	3.9
impactScore	5.9
cvssMetricV2
source	nvd@nist.gov
type	Primary
version	2.0
vectorString	AV:N/AC:L/Au:N/C:P/I:P/A:P
baseScore	7.5
accessVector	NETWORK
accessComplexity	LOW
authentication	NONE
confidentialityImpact	PARTIAL
integrityImpact	PARTIAL
availabilityImpact	PARTIAL
baseSeverity	HIGH
exploitabilityScore	10
impactScore	6.4
acInsufInfo	False
obtainAllPrivilege	False
obtainUserPrivilege	False
obtainOtherPrivilege	False
userInteractionRequired	False