CVE-2024-25846

Published: Feb 27, 2024Modified: Feb 18, 2026

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.3 / Impact: 6.0

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php.

Affected (1)

Products: Myprestamodules: Product Catalog (csv, Excel) Import

Myprestamodules

1 product

Product Catalog (csv, Excel) Import

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Myprestamodules Product Catalog (csv, Excel) Import	Up to 6.7.0

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://addons.prestashop.com/fr/import-export-de-donnees/19091-catalogue-de-produits-csv-excel-dimportation.html

Source: cve@mitre.org

Product

https://security.friendsofpresta.org/modules/2024/02/27/simpleimportproduct.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://addons.prestashop.com/fr/import-export-de-donnees/19091-catalogue-de-produits-csv-excel-dimportation.html

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://security.friendsofpresta.org/modules/2024/02/27/simpleimportproduct.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.